@drunk-pulumi/azure 0.0.24 → 0.0.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AzAd/EnvRoles.d.ts +2 -2
- package/AzAd/EnvRoles.js +19 -21
- package/AzAd/Role.d.ts +2 -3
- package/AzAd/Role.js +5 -7
- package/KeyVault/Helper.d.ts +4 -3
- package/KeyVault/Helper.js +18 -12
- package/KeyVault/VaultAccess.d.ts +0 -1
- package/KeyVault/VaultAccess.js +1 -24
- package/KeyVault/index.js +2 -12
- package/Sql/index.d.ts +11 -10
- package/Sql/index.js +77 -50
- package/Storage/index.d.ts +3 -3
- package/Storage/index.js +19 -25
- package/package.json +1 -1
package/AzAd/EnvRoles.d.ts
CHANGED
|
@@ -7,6 +7,6 @@ declare const envRoleConfig: {
|
|
|
7
7
|
export type EnvRoleNamesType = {
|
|
8
8
|
[k in keyof typeof envRoleConfig]: string;
|
|
9
9
|
};
|
|
10
|
-
export declare const getEnvRoleNames: (
|
|
11
|
-
declare const _default: (
|
|
10
|
+
export declare const getEnvRoleNames: () => EnvRoleNamesType;
|
|
11
|
+
declare const _default: () => EnvRoleNamesType;
|
|
12
12
|
export default _default;
|
package/AzAd/EnvRoles.js
CHANGED
|
@@ -22,33 +22,31 @@ const envRoleConfig = {
|
|
|
22
22
|
appName: 'Azure',
|
|
23
23
|
},
|
|
24
24
|
};
|
|
25
|
-
const getEnvRoleNames = (
|
|
26
|
-
readOnly: (0, Role_1.getRoleName)({ ...envRoleConfig.readOnly,
|
|
25
|
+
const getEnvRoleNames = () => ({
|
|
26
|
+
readOnly: (0, Role_1.getRoleName)({ ...envRoleConfig.readOnly, }),
|
|
27
27
|
contributor: (0, Role_1.getRoleName)({
|
|
28
|
-
...envRoleConfig.contributor
|
|
29
|
-
includeOrganization,
|
|
28
|
+
...envRoleConfig.contributor
|
|
30
29
|
}),
|
|
31
|
-
admin: (0, Role_1.getRoleName)({ ...envRoleConfig.admin,
|
|
30
|
+
admin: (0, Role_1.getRoleName)({ ...envRoleConfig.admin, }),
|
|
32
31
|
});
|
|
33
32
|
exports.getEnvRoleNames = getEnvRoleNames;
|
|
34
|
-
exports.default = (
|
|
35
|
-
//
|
|
36
|
-
(0, Role_1.default)({
|
|
37
|
-
...envRoleConfig.
|
|
38
|
-
|
|
39
|
-
permissions: [{ roleName: 'Reader', scope: AzureEnv_1.defaultScope }],
|
|
33
|
+
exports.default = () => {
|
|
34
|
+
//Admin
|
|
35
|
+
const adminGroup = (0, Role_1.default)({
|
|
36
|
+
...envRoleConfig.admin,
|
|
37
|
+
//permissions: [{ roleName: 'Reader', scope: defaultScope }],
|
|
40
38
|
});
|
|
41
39
|
//Contributor
|
|
42
|
-
(0, Role_1.default)({
|
|
40
|
+
const contributor = (0, Role_1.default)({
|
|
43
41
|
...envRoleConfig.contributor,
|
|
44
|
-
|
|
45
|
-
|
|
42
|
+
//permissions: [{ roleName: 'Reader', scope: defaultScope }],
|
|
43
|
+
members: [adminGroup.objectId],
|
|
46
44
|
});
|
|
47
|
-
//
|
|
48
|
-
|
|
49
|
-
...envRoleConfig.
|
|
50
|
-
|
|
51
|
-
|
|
45
|
+
//ReadOnly
|
|
46
|
+
(0, Role_1.default)({
|
|
47
|
+
...envRoleConfig.readOnly,
|
|
48
|
+
//permissions: [{ roleName: 'Reader', scope: defaultScope }],
|
|
49
|
+
members: [contributor.objectId],
|
|
52
50
|
});
|
|
53
51
|
//Add Global ADO Identity as Admin
|
|
54
52
|
const ado = (0, AzDevOps_1.getAdoIdentity)();
|
|
@@ -57,6 +55,6 @@ exports.default = (includeOrganization = true) => {
|
|
|
57
55
|
groupObjectId: adminGroup.objectId,
|
|
58
56
|
objectId: ado.principal.objectId,
|
|
59
57
|
});
|
|
60
|
-
return (0, exports.getEnvRoleNames)(
|
|
58
|
+
return (0, exports.getEnvRoleNames)();
|
|
61
59
|
};
|
|
62
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
60
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRW52Um9sZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvQXpBZC9FbnZSb2xlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxpREFBZ0Q7QUFDaEQsaUNBQXlEO0FBQ3pELG9EQUF1RDtBQUN2RCxtQ0FBeUM7QUFFekMsTUFBTSxhQUFhLEdBQUc7SUFDcEIsUUFBUSxFQUFFO1FBQ1IsR0FBRyxFQUFFLHFCQUFVO1FBQ2YsUUFBUSxFQUFFLFVBQVU7UUFDcEIsT0FBTyxFQUFFLE9BQU87S0FDRDtJQUNqQixXQUFXLEVBQUU7UUFDWCxHQUFHLEVBQUUscUJBQVU7UUFDZixRQUFRLEVBQUUsYUFBYTtRQUN2QixPQUFPLEVBQUUsT0FBTztLQUNEO0lBQ2pCLEtBQUssRUFBRTtRQUNMLEdBQUcsRUFBRSxxQkFBVTtRQUNmLFFBQVEsRUFBRSxPQUFPO1FBQ2pCLE9BQU8sRUFBRSxPQUFPO0tBQ0Q7Q0FDbEIsQ0FBQztBQUlLLE1BQU0sZUFBZSxHQUFHLEdBQ1gsRUFBRSxDQUFDLENBQUM7SUFDdEIsUUFBUSxFQUFFLElBQUEsa0JBQVcsRUFBQyxFQUFFLEdBQUcsYUFBYSxDQUFDLFFBQVEsR0FBSSxDQUFDO0lBQ3RELFdBQVcsRUFBRSxJQUFBLGtCQUFXLEVBQUM7UUFDdkIsR0FBRyxhQUFhLENBQUMsV0FBVztLQUM3QixDQUFDO0lBQ0YsS0FBSyxFQUFFLElBQUEsa0JBQVcsRUFBQyxFQUFFLEdBQUcsYUFBYSxDQUFDLEtBQUssR0FBSSxDQUFDO0NBQ2pELENBQUMsQ0FBQztBQVBVLFFBQUEsZUFBZSxtQkFPekI7QUFFSCxrQkFBZSxHQUFHLEVBQUU7SUFDbEIsT0FBTztJQUNQLE1BQU0sVUFBVSxHQUFJLElBQUEsY0FBSSxFQUFDO1FBQ3ZCLEdBQUcsYUFBYSxDQUFDLEtBQUs7UUFDdEIsNkRBQTZEO0tBQzlELENBQUMsQ0FBQztJQUVILGFBQWE7SUFDZCxNQUFNLFdBQVcsR0FBRSxJQUFBLGNBQUksRUFBQztRQUNyQixHQUFHLGFBQWEsQ0FBQyxXQUFXO1FBQzVCLDZEQUE2RDtRQUM3RCxPQUFPLEVBQUMsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDO0tBQzlCLENBQUMsQ0FBQztJQUVILFVBQVU7SUFDVCxJQUFBLGNBQUksRUFBQztRQUNKLEdBQUcsYUFBYSxDQUFDLFFBQVE7UUFDekIsNkRBQTZEO1FBQzVELE9BQU8sRUFBQyxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUM7S0FDaEMsQ0FBQyxDQUFDO0lBRUgsa0NBQWtDO0lBQ2xDLE1BQU0sR0FBRyxHQUFHLElBQUEseUJBQWMsR0FBRSxDQUFDO0lBQzdCLElBQUEsc0JBQWMsRUFBQztRQUNiLElBQUksRUFBRSxnQkFBZ0I7UUFDdEIsYUFBYSxFQUFFLFVBQVUsQ0FBQyxRQUFRO1FBQ2xDLFFBQVEsRUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLFFBQVE7S0FDakMsQ0FBQyxDQUFDO0lBRUgsT0FBTyxJQUFBLHVCQUFlLEdBQUUsQ0FBQztBQUMzQixDQUFDLENBQUMifQ==
|
package/AzAd/Role.d.ts
CHANGED
|
@@ -11,9 +11,8 @@ interface RoleProps {
|
|
|
11
11
|
members?: Input<string>[];
|
|
12
12
|
owners?: Input<Input<string>[]>;
|
|
13
13
|
permissions?: Array<GroupPermissionProps>;
|
|
14
|
-
includeOrganization?: boolean;
|
|
15
14
|
}
|
|
16
|
-
export type RoleNameType = Pick<RoleProps, 'env' | 'location' | 'appName' | 'moduleName' | 'roleName'
|
|
17
|
-
export declare const getRoleName: ({ env, location, appName, moduleName, roleName
|
|
15
|
+
export type RoleNameType = Pick<RoleProps, 'env' | 'location' | 'appName' | 'moduleName' | 'roleName'>;
|
|
16
|
+
export declare const getRoleName: ({ env, location, appName, moduleName, roleName }: RoleNameType) => string;
|
|
18
17
|
declare const _default: ({ members, owners, permissions, ...others }: RoleProps) => import("@pulumi/pulumi").Output<import("@pulumi/azuread/group").Group>;
|
|
19
18
|
export default _default;
|
package/AzAd/Role.js
CHANGED
|
@@ -2,15 +2,13 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.getRoleName = void 0;
|
|
4
4
|
const Group_1 = require("./Group");
|
|
5
|
-
const AzureEnv_1 = require("../Common/AzureEnv");
|
|
6
5
|
const pulumi_1 = require("@pulumi/pulumi");
|
|
7
6
|
const StackEnv_1 = require("../Common/StackEnv");
|
|
8
|
-
const getRoleName = ({ env, location = 'GLB', appName, moduleName, roleName
|
|
9
|
-
const prefix =
|
|
10
|
-
const e = env === AzureEnv_1.Environments.Prd ? 'prod' : 'staging';
|
|
7
|
+
const getRoleName = ({ env, location = 'GLB', appName, moduleName, roleName }) => {
|
|
8
|
+
const prefix = `${StackEnv_1.organization} ROL`;
|
|
11
9
|
return moduleName
|
|
12
|
-
? `${prefix} ${
|
|
13
|
-
: `${prefix} ${
|
|
10
|
+
? `${prefix} ${env} ${location} ${appName}.${moduleName} ${roleName}`.toUpperCase()
|
|
11
|
+
: `${prefix} ${env} ${location} ${appName} ${roleName}`.toUpperCase();
|
|
14
12
|
};
|
|
15
13
|
exports.getRoleName = getRoleName;
|
|
16
14
|
exports.default = ({ members, owners, permissions, ...others }) => {
|
|
@@ -22,4 +20,4 @@ exports.default = ({ members, owners, permissions, ...others }) => {
|
|
|
22
20
|
permissions,
|
|
23
21
|
}));
|
|
24
22
|
};
|
|
25
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
23
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUm9sZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9BekFkL1JvbGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsbUNBQStEO0FBRS9ELDJDQUErQztBQUMvQyxpREFBa0Q7QUF1QjNDLE1BQU0sV0FBVyxHQUFHLENBQUMsRUFDMUIsR0FBRyxFQUNILFFBQVEsR0FBRyxLQUFLLEVBQ2hCLE9BQU8sRUFDUCxVQUFVLEVBQ1YsUUFBUSxFQUNLLEVBQUUsRUFBRTtJQUNqQixNQUFNLE1BQU0sR0FBRyxHQUFHLHVCQUFZLE1BQU0sQ0FBQztJQUVyQyxPQUFPLFVBQVU7UUFDZixDQUFDLENBQUMsR0FBRyxNQUFNLElBQUksR0FBRyxJQUFJLFFBQVEsSUFBSSxPQUFPLElBQUksVUFBVSxJQUFJLFFBQVEsRUFBRSxDQUFDLFdBQVcsRUFBRTtRQUNuRixDQUFDLENBQUMsR0FBRyxNQUFNLElBQUksR0FBRyxJQUFJLFFBQVEsSUFBSSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUMsV0FBVyxFQUFFLENBQUM7QUFDMUUsQ0FBQyxDQUFDO0FBWlcsUUFBQSxXQUFXLGVBWXRCO0FBRUYsa0JBQWUsQ0FBQyxFQUFFLE9BQU8sRUFBRSxNQUFNLEVBQUUsV0FBVyxFQUFFLEdBQUcsTUFBTSxFQUFhLEVBQUUsRUFBRTtJQUN4RSxNQUFNLElBQUksR0FBRyxJQUFBLG1CQUFXLEVBQUMsTUFBTSxDQUFDLENBQUM7SUFDakMsT0FBTyxJQUFBLGVBQU0sRUFDWCxJQUFBLGVBQWMsRUFBQztRQUNiLElBQUk7UUFDSixPQUFPO1FBQ1AsTUFBTTtRQUNOLFdBQVc7S0FDWixDQUFDLENBQ0gsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
|
package/KeyVault/Helper.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { Input, Resource } from
|
|
2
|
-
import { KeyVaultInfo } from
|
|
1
|
+
import { Input, Resource } from "@pulumi/pulumi";
|
|
2
|
+
import { KeyVaultInfo } from "../types";
|
|
3
3
|
type SecretProps = {
|
|
4
4
|
name: string;
|
|
5
5
|
value: Input<string>;
|
|
@@ -16,9 +16,10 @@ type GetVaultItemProps = {
|
|
|
16
16
|
vaultInfo: KeyVaultInfo;
|
|
17
17
|
nameFormatted?: boolean;
|
|
18
18
|
};
|
|
19
|
-
export declare const addKey: ({ name, vaultInfo, tags, dependsOn, }: Omit<SecretProps,
|
|
19
|
+
export declare const addKey: ({ name, vaultInfo, tags, dependsOn, }: Omit<SecretProps, "value" | "contentType">) => import("@pulumi/azure-native/keyvault/key").Key;
|
|
20
20
|
/** Get Key */
|
|
21
21
|
export declare const getKey: ({ name, version, vaultInfo, nameFormatted, }: GetVaultItemProps) => Promise<import("@azure/keyvault-keys").KeyVaultKey | undefined>;
|
|
22
|
+
export declare const getEncryptionKey: (name: string, vaultInfo: KeyVaultInfo) => import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<import("@azure/keyvault-keys").KeyVaultKey> | undefined>;
|
|
22
23
|
/** Get Secret */
|
|
23
24
|
export declare const getSecret: ({ name, version, vaultInfo, nameFormatted, }: GetVaultItemProps) => Promise<import("@azure/keyvault-secrets").KeyVaultSecret | undefined>;
|
|
24
25
|
interface KeyResult {
|
package/KeyVault/Helper.js
CHANGED
|
@@ -1,27 +1,28 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.parseKeyUrl = exports.getSecret = exports.getKey = exports.addKey = void 0;
|
|
3
|
+
exports.parseKeyUrl = exports.getSecret = exports.getEncryptionKey = exports.getKey = exports.addKey = void 0;
|
|
4
4
|
const keyvault = require("@pulumi/azure-native/keyvault");
|
|
5
|
+
const pulumi_1 = require("@pulumi/pulumi");
|
|
5
6
|
const Naming_1 = require("../Common/Naming");
|
|
6
7
|
const Helpers_1 = require("../Common/Helpers");
|
|
7
8
|
const KeyVaultBase_1 = require("@drunk-pulumi/azure-providers/AzBase/KeyVaultBase");
|
|
8
9
|
const addKey = ({ name, vaultInfo, tags, dependsOn, }) => {
|
|
9
10
|
const n = (0, Naming_1.getSecretName)(name);
|
|
10
|
-
return new keyvault.Key((0, Helpers_1.replaceAll)(name,
|
|
11
|
+
return new keyvault.Key((0, Helpers_1.replaceAll)(name, ".", "-"), {
|
|
11
12
|
keyName: n,
|
|
12
13
|
vaultName: vaultInfo.name,
|
|
13
14
|
...vaultInfo.group,
|
|
14
15
|
//https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault.webkey?view=azure-dotnet-legacy
|
|
15
16
|
properties: {
|
|
16
17
|
keySize: 2048,
|
|
17
|
-
kty:
|
|
18
|
+
kty: "RSA",
|
|
18
19
|
keyOps: [
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
20
|
+
"decrypt",
|
|
21
|
+
"encrypt",
|
|
22
|
+
"sign",
|
|
23
|
+
"verify",
|
|
24
|
+
"wrapKey",
|
|
25
|
+
"unwrapKey",
|
|
25
26
|
],
|
|
26
27
|
//curveName: 'P512',
|
|
27
28
|
attributes: { enabled: true },
|
|
@@ -37,6 +38,11 @@ const getKey = async ({ name, version, vaultInfo, nameFormatted, }) => {
|
|
|
37
38
|
return client.getKey(n, version);
|
|
38
39
|
};
|
|
39
40
|
exports.getKey = getKey;
|
|
41
|
+
const getEncryptionKey = (name, vaultInfo) => {
|
|
42
|
+
const n = `${name}-encrypt-key`;
|
|
43
|
+
return (0, pulumi_1.output)((0, KeyVaultBase_1.getKeyVaultBase)(vaultInfo.name).getOrCreateKey(n));
|
|
44
|
+
};
|
|
45
|
+
exports.getEncryptionKey = getEncryptionKey;
|
|
40
46
|
/** Get Secret */
|
|
41
47
|
const getSecret = async ({ name, version, vaultInfo, nameFormatted, }) => {
|
|
42
48
|
const n = nameFormatted ? name : (0, Naming_1.getSecretName)(name);
|
|
@@ -46,13 +52,13 @@ const getSecret = async ({ name, version, vaultInfo, nameFormatted, }) => {
|
|
|
46
52
|
exports.getSecret = getSecret;
|
|
47
53
|
/** Convert VaultId to VaultInfo */
|
|
48
54
|
const parseKeyUrl = (keyUrl) => {
|
|
49
|
-
const splits = keyUrl.split(
|
|
55
|
+
const splits = keyUrl.split("/");
|
|
50
56
|
return {
|
|
51
57
|
keyIdentityUrl: keyUrl,
|
|
52
58
|
name: splits[4],
|
|
53
|
-
version: splits.length > 4 ? splits[5] :
|
|
59
|
+
version: splits.length > 4 ? splits[5] : "",
|
|
54
60
|
vaultUrl: `https://${splits[2]}`,
|
|
55
61
|
};
|
|
56
62
|
};
|
|
57
63
|
exports.parseKeyUrl = parseKeyUrl;
|
|
58
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
64
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL0tleVZhdWx0L0hlbHBlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwwREFBMEQ7QUFDMUQsMkNBQXlEO0FBR3pELDZDQUFpRDtBQUNqRCwrQ0FBK0M7QUFFL0Msb0ZBQW9GO0FBd0I3RSxNQUFNLE1BQU0sR0FBRyxDQUFDLEVBQ3JCLElBQUksRUFDSixTQUFTLEVBQ1QsSUFBSSxFQUNKLFNBQVMsR0FDa0MsRUFBRSxFQUFFO0lBQy9DLE1BQU0sQ0FBQyxHQUFHLElBQUEsc0JBQWEsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUU5QixPQUFPLElBQUksUUFBUSxDQUFDLEdBQUcsQ0FDckIsSUFBQSxvQkFBVSxFQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLEVBQzFCO1FBQ0UsT0FBTyxFQUFFLENBQUM7UUFDVixTQUFTLEVBQUUsU0FBUyxDQUFDLElBQUk7UUFDekIsR0FBRyxTQUFTLENBQUMsS0FBSztRQUNsQixzR0FBc0c7UUFDdEcsVUFBVSxFQUFFO1lBQ1YsT0FBTyxFQUFFLElBQUk7WUFDYixHQUFHLEVBQUUsS0FBSztZQUNWLE1BQU0sRUFBRTtnQkFDTixTQUFTO2dCQUNULFNBQVM7Z0JBQ1QsTUFBTTtnQkFDTixRQUFRO2dCQUNSLFNBQVM7Z0JBQ1QsV0FBVzthQUNaO1lBQ0Qsb0JBQW9CO1lBQ3BCLFVBQVUsRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUU7U0FDOUI7UUFDRCxJQUFJO0tBQ0wsRUFDRCxFQUFFLFNBQVMsRUFBRSxDQUNkLENBQUM7QUFDSixDQUFDLENBQUM7QUFqQ1csUUFBQSxNQUFNLFVBaUNqQjtBQUVGLGNBQWM7QUFDUCxNQUFNLE1BQU0sR0FBRyxLQUFLLEVBQUUsRUFDM0IsSUFBSSxFQUNKLE9BQU8sRUFDUCxTQUFTLEVBQ1QsYUFBYSxHQUNLLEVBQUUsRUFBRTtJQUN0QixNQUFNLENBQUMsR0FBRyxhQUFhLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsSUFBQSxzQkFBYSxFQUFDLElBQUksQ0FBQyxDQUFDO0lBQ3JELE1BQU0sTUFBTSxHQUFHLElBQUEsOEJBQWUsRUFBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDL0MsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUNuQyxDQUFDLENBQUM7QUFUVyxRQUFBLE1BQU0sVUFTakI7QUFFSyxNQUFNLGdCQUFnQixHQUFHLENBQUMsSUFBWSxFQUFFLFNBQXVCLEVBQUUsRUFBRTtJQUN4RSxNQUFNLENBQUMsR0FBRyxHQUFHLElBQUksY0FBYyxDQUFDO0lBQ2hDLE9BQU8sSUFBQSxlQUFNLEVBQUMsSUFBQSw4QkFBZSxFQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUNuRSxDQUFDLENBQUM7QUFIVyxRQUFBLGdCQUFnQixvQkFHM0I7QUFFRixpQkFBaUI7QUFDVixNQUFNLFNBQVMsR0FBRyxLQUFLLEVBQUUsRUFDOUIsSUFBSSxFQUNKLE9BQU8sRUFDUCxTQUFTLEVBQ1QsYUFBYSxHQUNLLEVBQUUsRUFBRTtJQUN0QixNQUFNLENBQUMsR0FBRyxhQUFhLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsSUFBQSxzQkFBYSxFQUFDLElBQUksQ0FBQyxDQUFDO0lBQ3JELE1BQU0sTUFBTSxHQUFHLElBQUEsOEJBQWUsRUFBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDL0MsT0FBTyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUN0QyxDQUFDLENBQUM7QUFUVyxRQUFBLFNBQVMsYUFTcEI7QUFVRixtQ0FBbUM7QUFDNUIsTUFBTSxXQUFXLEdBQUcsQ0FBQyxNQUFjLEVBQWEsRUFBRTtJQUN2RCxNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ2pDLE9BQU87UUFDTCxjQUFjLEVBQUUsTUFBTTtRQUN0QixJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUNmLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFO1FBQzNDLFFBQVEsRUFBRSxXQUFXLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRTtLQUNqQyxDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBUlcsUUFBQSxXQUFXLGVBUXRCIn0=
|
package/KeyVault/VaultAccess.js
CHANGED
|
@@ -11,7 +11,6 @@ exports.default = ({ name, auth }) => {
|
|
|
11
11
|
env: AzureEnv_1.currentEnv,
|
|
12
12
|
appName: `${name}-vault`,
|
|
13
13
|
roleName: 'ReadOnly',
|
|
14
|
-
includeOrganization: auth.includeOrganization,
|
|
15
14
|
});
|
|
16
15
|
const adminGroup = auth.envRoleNames
|
|
17
16
|
? (0, Group_1.getAdGroup)(auth.envRoleNames.contributor)
|
|
@@ -19,29 +18,7 @@ exports.default = ({ name, auth }) => {
|
|
|
19
18
|
env: AzureEnv_1.currentEnv,
|
|
20
19
|
appName: `${name}-vault`,
|
|
21
20
|
roleName: 'Admin',
|
|
22
|
-
includeOrganization: auth.includeOrganization,
|
|
23
21
|
});
|
|
24
|
-
//Add current service principal in
|
|
25
|
-
// if (auth.permissions == undefined) {
|
|
26
|
-
// auth.permissions = [
|
|
27
|
-
// // {
|
|
28
|
-
// // objectId: currentServicePrincipal,
|
|
29
|
-
// // permission: 'ReadWrite',
|
|
30
|
-
// // },
|
|
31
|
-
// ];
|
|
32
|
-
// }
|
|
33
|
-
//Add Permission to Groups
|
|
34
|
-
// auth.permissions.forEach(
|
|
35
|
-
// ({ objectId, applicationId, permission, ...others }, index) =>
|
|
36
|
-
// new azuread.GroupMember(`${name}-${permission}-${index}`, {
|
|
37
|
-
// groupObjectId:
|
|
38
|
-
// permission === 'ReadOnly'
|
|
39
|
-
// ? readOnlyGroup.objectId
|
|
40
|
-
// : adminGroup.objectId,
|
|
41
|
-
// memberObjectId: objectId ?? applicationId,
|
|
42
|
-
// ...others,
|
|
43
|
-
// })
|
|
44
|
-
// );
|
|
45
22
|
return { readOnlyGroup, adminGroup };
|
|
46
23
|
};
|
|
47
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
24
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVmF1bHRBY2Nlc3MuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvS2V5VmF1bHQvVmF1bHRBY2Nlc3MudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFDQSx1Q0FBcUM7QUFDckMsaURBQWdEO0FBQ2hELHlDQUEyQztBQWEzQyxrQkFBZSxDQUFDLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBUyxFQUFFLEVBQUU7SUFDdkMsbUJBQW1CO0lBQ25CLE1BQU0sYUFBYSxHQUFHLElBQUksQ0FBQyxZQUFZO1FBQ3JDLENBQUMsQ0FBQyxJQUFBLGtCQUFVLEVBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxRQUFRLENBQUM7UUFDeEMsQ0FBQyxDQUFDLElBQUEsY0FBUyxFQUFDO1lBQ1IsR0FBRyxFQUFFLHFCQUFVO1lBQ2YsT0FBTyxFQUFFLEdBQUcsSUFBSSxRQUFRO1lBQ3hCLFFBQVEsRUFBRSxVQUFVO1NBQ3JCLENBQUMsQ0FBQztJQUVQLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxZQUFZO1FBQ2xDLENBQUMsQ0FBQyxJQUFBLGtCQUFVLEVBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUM7UUFDM0MsQ0FBQyxDQUFDLElBQUEsY0FBUyxFQUFDO1lBQ1IsR0FBRyxFQUFFLHFCQUFVO1lBQ2YsT0FBTyxFQUFFLEdBQUcsSUFBSSxRQUFRO1lBQ3hCLFFBQVEsRUFBRSxPQUFPO1NBQ2xCLENBQUMsQ0FBQztJQUVQLE9BQU8sRUFBRSxhQUFhLEVBQUUsVUFBVSxFQUFFLENBQUM7QUFDdkMsQ0FBQyxDQUFDIn0=
|
package/KeyVault/index.js
CHANGED
|
@@ -9,13 +9,9 @@ const PrivateEndpoint_1 = require("../VNet/PrivateEndpoint");
|
|
|
9
9
|
const CustomHelper_1 = require("./CustomHelper");
|
|
10
10
|
const VaultPermissions_1 = require("./VaultPermissions");
|
|
11
11
|
const VaultAccess_1 = require("./VaultAccess");
|
|
12
|
-
const Group_1 = require("../AzAd/Group");
|
|
13
12
|
exports.default = ({ name,
|
|
14
13
|
//nameConvention,
|
|
15
|
-
group, auth = {
|
|
16
|
-
includeOrganization: true,
|
|
17
|
-
//permissions: new Array<PermissionProps>(),
|
|
18
|
-
}, createDefaultValues, network, ...others }) => {
|
|
14
|
+
group, auth = {}, createDefaultValues, network, ...others }) => {
|
|
19
15
|
const vaultName = (0, Naming_1.getKeyVaultName)(name);
|
|
20
16
|
const { readOnlyGroup, adminGroup } = (0, VaultAccess_1.default)({ name, auth });
|
|
21
17
|
// const accessPolicies =
|
|
@@ -80,12 +76,6 @@ group, auth = {
|
|
|
80
76
|
permission: "ReadWrite",
|
|
81
77
|
principalType: "Group",
|
|
82
78
|
});
|
|
83
|
-
//Add current principal to the admin group
|
|
84
|
-
(0, Group_1.addUserToGroup)({
|
|
85
|
-
name: `${name}-current-principal-as-admin`,
|
|
86
|
-
objectId: AzureEnv_1.currentPrincipal,
|
|
87
|
-
groupObjectId: adminGroup.objectId,
|
|
88
|
-
});
|
|
89
79
|
//To Vault Info
|
|
90
80
|
const toVaultInfo = () => ({ name: vaultName, group, id: resource.id });
|
|
91
81
|
//Add Diagnostic
|
|
@@ -131,4 +121,4 @@ group, auth = {
|
|
|
131
121
|
createPrivateLink,
|
|
132
122
|
};
|
|
133
123
|
};
|
|
134
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
124
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvS2V5VmF1bHQvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSwrQ0FBK0M7QUFDL0Msc0RBQW1EO0FBRW5ELGlEQUc0QjtBQUM1Qiw2Q0FBMkU7QUFDM0UsNkNBQW1EO0FBRW5ELDZEQUFzRDtBQUV0RCxpREFBaUQ7QUFDakQseURBQThEO0FBQzlELCtDQUE2RDtBQWdCN0Qsa0JBQWUsQ0FBQyxFQUNkLElBQUk7QUFDSixpQkFBaUI7QUFDakIsS0FBSyxFQUNMLElBQUksR0FBQyxFQUFFLEVBQ1AsbUJBQW1CLEVBQ25CLE9BQU8sRUFDUCxHQUFHLE1BQU0sRUFDSCxFQUFFLEVBQUU7SUFDVixNQUFNLFNBQVMsR0FBRyxJQUFBLHdCQUFlLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFeEMsTUFBTSxFQUFFLGFBQWEsRUFBRSxVQUFVLEVBQUUsR0FBRyxJQUFBLHFCQUFXLEVBQUMsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUVsRSx5QkFBeUI7SUFDekIsb0VBQW9FO0lBRXBFLHlCQUF5QjtJQUN6QiwyQkFBMkI7SUFDM0IsMEJBQTBCO0lBQzFCLHdDQUF3QztJQUN4QyxnQkFBZ0I7SUFDaEIsMkNBQTJDO0lBQzNDLFFBQVE7SUFDUiwwQkFBMEI7SUFDMUIscUNBQXFDO0lBQ3JDLGdCQUFnQjtJQUNoQix3Q0FBd0M7SUFDeEMsUUFBUTtJQUNSLElBQUk7SUFFSixNQUFNLFFBQVEsR0FBRyxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLFNBQVMsRUFBRTtRQUNwRCxTQUFTO1FBQ1QsR0FBRyxLQUFLO1FBQ1IsR0FBRyxNQUFNO1FBRVQsVUFBVSxFQUFFO1lBQ1YsUUFBUSxFQUFSLG1CQUFRO1lBQ1IsR0FBRyxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFO1lBQ3RDLFVBQVUsRUFBRSxTQUFTO1lBRXJCLHVCQUF1QixFQUFFLElBQUk7WUFDN0IsY0FBYyxFQUFFLFNBQVM7WUFFekIscUJBQXFCLEVBQUUsSUFBSTtZQUMzQixnQkFBZ0IsRUFBRSxJQUFJO1lBQ3RCLHlCQUF5QixFQUFFLENBQUMsRUFBRSwyRUFBMkU7WUFFekcsb0JBQW9CLEVBQUUsSUFBSTtZQUMxQix3QkFBd0IsRUFBRSxJQUFJO1lBRTlCLFdBQVcsRUFBRSxPQUFPO2dCQUNsQixDQUFDLENBQUM7b0JBQ0UsTUFBTSxFQUFFLGVBQWU7b0JBQ3ZCLGFBQWEsRUFBRSxhQUFLLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLElBQUk7b0JBRXBELE9BQU8sRUFBRSxPQUFPLENBQUMsV0FBVzt3QkFDMUIsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7d0JBQ2hELENBQUMsQ0FBQyxFQUFFO29CQUVOLG1CQUFtQixFQUFFLE9BQU8sQ0FBQyxTQUFTO3dCQUNwQyxDQUFDLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQzt3QkFDM0MsQ0FBQyxDQUFDLFNBQVM7aUJBQ2Q7Z0JBQ0gsQ0FBQyxDQUFDO29CQUNFLE1BQU0sRUFBRSxlQUFlO29CQUN2QixhQUFhLEVBQUUsYUFBSyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLO2lCQUN0RDtTQUNOO0tBRUYsQ0FBQyxDQUFDO0lBRUgsdUJBQXVCO0lBQ3ZCLElBQUEsMkNBQXdCLEVBQUM7UUFDdkIsSUFBSSxFQUFFLEdBQUcsSUFBSSxnQkFBZ0I7UUFDN0IsS0FBSyxFQUFFLFFBQVEsQ0FBQyxFQUFFO1FBQ2xCLFFBQVEsRUFBRSxhQUFhLENBQUMsUUFBUTtRQUNoQyxVQUFVLEVBQUUsVUFBVTtRQUN0QixhQUFhLEVBQUUsT0FBTztLQUN2QixDQUFDLENBQUM7SUFFSCxJQUFBLDJDQUF3QixFQUFDO1FBQ3ZCLElBQUksRUFBRSxHQUFHLElBQUksYUFBYTtRQUMxQixLQUFLLEVBQUUsUUFBUSxDQUFDLEVBQUU7UUFDbEIsUUFBUSxFQUFFLFVBQVUsQ0FBQyxRQUFRO1FBQzdCLFVBQVUsRUFBRSxXQUFXO1FBQ3ZCLGFBQWEsRUFBRSxPQUFPO0tBQ3ZCLENBQUMsQ0FBQztJQUVILGVBQWU7SUFDZixNQUFNLFdBQVcsR0FBRyxHQUFHLEVBQUUsQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBRXhFLGdCQUFnQjtJQUNoQixNQUFNLGFBQWEsR0FBRyxDQUFDLE9BQXlCLEVBQUUsRUFBRSxDQUNsRCxJQUFBLDBCQUFnQixFQUFDO1FBQ2YsSUFBSTtRQUNKLGdCQUFnQixFQUFFLFFBQVEsQ0FBQyxFQUFFO1FBQzdCLEdBQUcsT0FBTztRQUNWLGNBQWMsRUFBRSxDQUFDLFlBQVksQ0FBQztLQUMvQixDQUFDLENBQUM7SUFFTCxzQkFBc0I7SUFDdEIsTUFBTSxpQkFBaUIsR0FBRyxDQUFDLEtBQXVCLEVBQUUsRUFBRSxDQUNwRCxJQUFBLHlCQUFlLEVBQUM7UUFDZCxJQUFJLEVBQUUsSUFBQSwrQkFBc0IsRUFBQyxJQUFJLENBQUM7UUFDbEMsS0FBSztRQUNMLEdBQUcsS0FBSztRQUNSLFVBQVUsRUFBRSxRQUFRLENBQUMsRUFBRTtRQUN2QixrQkFBa0IsRUFBRSxpQ0FBaUM7UUFDckQsbUJBQW1CLEVBQUUsQ0FBQyxVQUFVLENBQUM7S0FDbEMsQ0FBQyxDQUFDO0lBRUwsSUFBSSxtQkFBbUIsRUFBRSxDQUFDO1FBQ3hCLE1BQU0sU0FBUyxHQUFHLFdBQVcsRUFBRSxDQUFDO1FBRWhDLElBQUEsOEJBQWUsRUFBQztZQUNkLElBQUksRUFBRSxXQUFXO1lBQ2pCLEtBQUssRUFBRSxtQkFBUTtZQUNmLFNBQVM7WUFDVCxXQUFXLEVBQUUseUJBQXlCO1lBQ3RDLFNBQVMsRUFBRSxRQUFRO1NBQ3BCLENBQUMsQ0FBQztRQUVILElBQUEsOEJBQWUsRUFBQztZQUNkLElBQUksRUFBRSxpQkFBaUI7WUFDdkIsS0FBSyxFQUFFLHlCQUFjO1lBQ3JCLFNBQVM7WUFDVCxXQUFXLEVBQUUseUJBQXlCO1lBQ3RDLFNBQVMsRUFBRSxRQUFRO1NBQ3BCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPO1FBQ0wsSUFBSSxFQUFFLFNBQVM7UUFDZixLQUFLLEVBQUUsUUFBUTtRQUNmLGFBQWE7UUFDYixVQUFVO1FBQ1YsV0FBVztRQUNYLGFBQWE7UUFDYixpQkFBaUI7S0FDbEIsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
|
package/Sql/index.d.ts
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
|
-
import { Input, Output } from
|
|
2
|
-
import { EnvRoleNamesType } from
|
|
3
|
-
import { BasicResourceArgs, BasicResourceResultProps, KeyVaultInfo, PrivateLinkProps } from
|
|
4
|
-
import { SqlDbProps } from
|
|
1
|
+
import { Input, Output } from "@pulumi/pulumi";
|
|
2
|
+
import { EnvRoleNamesType } from "../AzAd/EnvRoles";
|
|
3
|
+
import { BasicResourceArgs, BasicResourceResultProps, KeyVaultInfo, PrivateLinkProps } from "../types";
|
|
4
|
+
import { SqlDbProps } from "./SqlDb";
|
|
5
5
|
type ElasticPoolCapacityProps = 50 | 100 | 200 | 300 | 400 | 800 | 1200;
|
|
6
6
|
interface Props extends BasicResourceArgs {
|
|
7
|
-
vaultInfo
|
|
7
|
+
vaultInfo: KeyVaultInfo;
|
|
8
|
+
enableEncryption?: boolean;
|
|
8
9
|
/** if Auth is not provided it will be auto generated */
|
|
9
10
|
auth: {
|
|
10
11
|
envRoleNames?: EnvRoleNamesType;
|
|
@@ -15,16 +16,16 @@ interface Props extends BasicResourceArgs {
|
|
|
15
16
|
password: Input<string>;
|
|
16
17
|
};
|
|
17
18
|
elasticPool?: {
|
|
18
|
-
name:
|
|
19
|
+
name: "Standard" | "Basic";
|
|
19
20
|
capacity: ElasticPoolCapacityProps;
|
|
20
21
|
};
|
|
21
|
-
databases: Array<Omit<SqlDbProps,
|
|
22
|
+
databases: Array<Omit<SqlDbProps, "sqlServerName" | "group" | "elasticPoolId" | "dependsOn">>;
|
|
22
23
|
network?: {
|
|
23
24
|
acceptAllInternetConnect?: boolean;
|
|
24
25
|
subnetId?: Input<string>;
|
|
25
26
|
ipAddresses?: Input<string>[];
|
|
26
27
|
/** To enable Private Link need to ensure the subnetId is provided. */
|
|
27
|
-
privateLink?: Omit<PrivateLinkProps,
|
|
28
|
+
privateLink?: Omit<PrivateLinkProps, "subnetId">;
|
|
28
29
|
};
|
|
29
30
|
vulnerabilityAssessment?: {
|
|
30
31
|
alertEmails: Array<string>;
|
|
@@ -34,11 +35,11 @@ interface Props extends BasicResourceArgs {
|
|
|
34
35
|
};
|
|
35
36
|
lock?: boolean;
|
|
36
37
|
}
|
|
37
|
-
declare const _default: ({ name, auth, group, elasticPool, databases, vaultInfo, network, vulnerabilityAssessment, lock, }: Props) => {
|
|
38
|
+
declare const _default: ({ name, auth, group, enableEncryption, elasticPool, databases, vaultInfo, network, vulnerabilityAssessment, lock, }: Props) => {
|
|
38
39
|
name: string;
|
|
39
40
|
resource: import("@pulumi/azure-native/sql/server").Server;
|
|
40
41
|
elasticPool: BasicResourceResultProps<import("@pulumi/azure-native/sql/elasticPool").ElasticPool> | undefined;
|
|
41
|
-
databases: BasicResourceResultProps<import("@pulumi/azure-native/sql/database").Database>[]
|
|
42
|
+
databases: BasicResourceResultProps<import("@pulumi/azure-native/sql/database").Database>[];
|
|
42
43
|
adminGroup: Output<import("@pulumi/pulumi").UnwrappedObject<import("@pulumi/azuread").GetGroupResult>> | Output<import("@pulumi/azuread/group").Group> | undefined;
|
|
43
44
|
};
|
|
44
45
|
export default _default;
|
package/Sql/index.js
CHANGED
|
@@ -2,19 +2,20 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const sql = require("@pulumi/azure-native/sql");
|
|
4
4
|
const pulumi_1 = require("@pulumi/pulumi");
|
|
5
|
+
const Helper_1 = require("../KeyVault/Helper");
|
|
5
6
|
const Group_1 = require("../AzAd/Group");
|
|
6
7
|
const RoleAssignment_1 = require("../AzAd/RoleAssignment");
|
|
7
8
|
const AzureEnv_1 = require("../Common/AzureEnv");
|
|
8
9
|
const Naming_1 = require("../Common/Naming");
|
|
9
10
|
const Locker_1 = require("../Core/Locker");
|
|
10
|
-
const
|
|
11
|
+
const Helper_2 = require("../VNet/Helper");
|
|
11
12
|
const PrivateEndpoint_1 = require("../VNet/PrivateEndpoint");
|
|
12
13
|
const SqlDb_1 = require("./SqlDb");
|
|
13
14
|
const CustomHelper_1 = require("../KeyVault/CustomHelper");
|
|
14
15
|
const Role_1 = require("../AzAd/Role");
|
|
15
16
|
const createElasticPool = ({ group, name, sqlName,
|
|
16
17
|
//Minimum is 50 GD
|
|
17
|
-
maxSizeBytesGb = 50, sku = { name: AzureEnv_1.isPrd ?
|
|
18
|
+
maxSizeBytesGb = 50, sku = { name: AzureEnv_1.isPrd ? "Standard" : "Basic", capacity: 50 }, lock = true, }) => {
|
|
18
19
|
//Create Sql Elastic
|
|
19
20
|
const elasticName = (0, Naming_1.getElasticPoolName)(name);
|
|
20
21
|
const ep = new sql.ElasticPool(elasticName, {
|
|
@@ -29,8 +30,9 @@ maxSizeBytesGb = 50, sku = { name: AzureEnv_1.isPrd ? 'Standard' : 'Basic', capa
|
|
|
29
30
|
},
|
|
30
31
|
perDatabaseSettings: {
|
|
31
32
|
minCapacity: 0,
|
|
32
|
-
maxCapacity: sku.name ===
|
|
33
|
+
maxCapacity: sku.name === "Basic" ? 5 : sku.capacity,
|
|
33
34
|
},
|
|
35
|
+
zoneRedundant: AzureEnv_1.isPrd,
|
|
34
36
|
//licenseType: sql.ElasticPoolLicenseType.BasePrice,
|
|
35
37
|
//zoneRedundant: isPrd,
|
|
36
38
|
});
|
|
@@ -39,8 +41,11 @@ maxSizeBytesGb = 50, sku = { name: AzureEnv_1.isPrd ? 'Standard' : 'Basic', capa
|
|
|
39
41
|
}
|
|
40
42
|
return { name: elasticName, resource: ep };
|
|
41
43
|
};
|
|
42
|
-
exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, network, vulnerabilityAssessment, lock = true, }) => {
|
|
44
|
+
exports.default = ({ name, auth, group, enableEncryption, elasticPool, databases, vaultInfo, network, vulnerabilityAssessment, lock = true, }) => {
|
|
43
45
|
const sqlName = (0, Naming_1.getSqlServerName)(name);
|
|
46
|
+
const encryptKey = enableEncryption
|
|
47
|
+
? (0, Helper_1.getEncryptionKey)(name, vaultInfo)
|
|
48
|
+
: undefined;
|
|
44
49
|
// if (vaultInfo && !auth) {
|
|
45
50
|
// const login = await randomLogin({ name, loginPrefix: 'sql', vaultInfo });
|
|
46
51
|
// auth = {
|
|
@@ -52,17 +57,17 @@ exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, netwo
|
|
|
52
57
|
const adminGroup = auth?.enableAdAdministrator
|
|
53
58
|
? auth.envRoleNames
|
|
54
59
|
? (0, Group_1.getAdGroup)(auth.envRoleNames.admin)
|
|
55
|
-
: (0, Role_1.default)({ env: AzureEnv_1.currentEnv, roleName:
|
|
60
|
+
: (0, Role_1.default)({ env: AzureEnv_1.currentEnv, roleName: "ADMIN", appName: "SQL" })
|
|
56
61
|
: undefined;
|
|
57
|
-
const ignoreChanges = [
|
|
62
|
+
const ignoreChanges = ["administratorLogin", "administrators"];
|
|
58
63
|
if (auth.azureAdOnlyAuthentication)
|
|
59
|
-
ignoreChanges.push(
|
|
64
|
+
ignoreChanges.push("administratorLoginPassword");
|
|
60
65
|
const sqlServer = new sql.Server(sqlName, {
|
|
61
66
|
serverName: sqlName,
|
|
62
67
|
...group,
|
|
63
|
-
version:
|
|
64
|
-
minimalTlsVersion:
|
|
65
|
-
identity: { type:
|
|
68
|
+
version: "12.0",
|
|
69
|
+
minimalTlsVersion: "1.2",
|
|
70
|
+
identity: { type: "SystemAssigned" },
|
|
66
71
|
administratorLogin: auth?.adminLogin,
|
|
67
72
|
administratorLoginPassword: auth.azureAdOnlyAuthentication
|
|
68
73
|
? undefined
|
|
@@ -101,10 +106,10 @@ exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, netwo
|
|
|
101
106
|
group,
|
|
102
107
|
name,
|
|
103
108
|
resourceId: sqlServer.id,
|
|
104
|
-
privateDnsZoneName:
|
|
109
|
+
privateDnsZoneName: "privatelink.database.windows.net",
|
|
105
110
|
...network.privateLink,
|
|
106
111
|
subnetId: network.subnetId,
|
|
107
|
-
linkServiceGroupIds: [
|
|
112
|
+
linkServiceGroupIds: ["sqlServer"],
|
|
108
113
|
});
|
|
109
114
|
}
|
|
110
115
|
else {
|
|
@@ -120,16 +125,16 @@ exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, netwo
|
|
|
120
125
|
}
|
|
121
126
|
//Allow Public Ip Accessing
|
|
122
127
|
if (network?.acceptAllInternetConnect) {
|
|
123
|
-
new sql.FirewallRule(
|
|
124
|
-
firewallRuleName:
|
|
128
|
+
new sql.FirewallRule("accept-all-connection", {
|
|
129
|
+
firewallRuleName: "accept-all-connection",
|
|
125
130
|
serverName: sqlServer.name,
|
|
126
131
|
...group,
|
|
127
|
-
startIpAddress:
|
|
128
|
-
endIpAddress:
|
|
132
|
+
startIpAddress: "0.0.0.0",
|
|
133
|
+
endIpAddress: "255.255.255.255",
|
|
129
134
|
});
|
|
130
135
|
}
|
|
131
136
|
else if (network?.ipAddresses) {
|
|
132
|
-
(0, pulumi_1.all)(network.ipAddresses).apply((ips) => (0,
|
|
137
|
+
(0, pulumi_1.all)(network.ipAddresses).apply((ips) => (0, Helper_2.convertToIpRange)(ips).map((ip, i) => {
|
|
133
138
|
const n = `${sqlName}-fwRule-${i}`;
|
|
134
139
|
return new sql.FirewallRule(n, {
|
|
135
140
|
firewallRuleName: n,
|
|
@@ -145,28 +150,28 @@ exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, netwo
|
|
|
145
150
|
if (vulnerabilityAssessment.logStorageId) {
|
|
146
151
|
(0, RoleAssignment_1.roleAssignment)({
|
|
147
152
|
name,
|
|
148
|
-
principalId: sqlServer.identity.apply((i) => i?.principalId ||
|
|
149
|
-
principalType:
|
|
150
|
-
roleName:
|
|
153
|
+
principalId: sqlServer.identity.apply((i) => i?.principalId || ""),
|
|
154
|
+
principalType: "ServicePrincipal",
|
|
155
|
+
roleName: "Storage Blob Data Contributor",
|
|
151
156
|
scope: vulnerabilityAssessment.logStorageId,
|
|
152
157
|
});
|
|
153
158
|
}
|
|
154
159
|
//Server Audit
|
|
155
160
|
new sql.ExtendedServerBlobAuditingPolicy(name, {
|
|
156
161
|
auditActionsAndGroups: [
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
162
|
+
"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
|
|
163
|
+
"FAILED_DATABASE_AUTHENTICATION_GROUP",
|
|
164
|
+
"BATCH_COMPLETED_GROUP",
|
|
160
165
|
],
|
|
161
166
|
serverName: sqlServer.name,
|
|
162
167
|
...group,
|
|
163
|
-
blobAuditingPolicyName:
|
|
168
|
+
blobAuditingPolicyName: "default",
|
|
164
169
|
isAzureMonitorTargetEnabled: true,
|
|
165
170
|
isStorageSecondaryKeyInUse: false,
|
|
166
171
|
predicateExpression: "object_name = 'SensitiveData'",
|
|
167
172
|
queueDelayMs: 4000,
|
|
168
173
|
retentionDays: AzureEnv_1.isPrd ? 30 : 6,
|
|
169
|
-
state:
|
|
174
|
+
state: "Enabled",
|
|
170
175
|
isDevopsAuditEnabled: true,
|
|
171
176
|
storageAccountAccessKey: vulnerabilityAssessment.storageAccessKey,
|
|
172
177
|
storageAccountSubscriptionId: AzureEnv_1.subscriptionId,
|
|
@@ -182,7 +187,7 @@ exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, netwo
|
|
|
182
187
|
retentionDays: 7,
|
|
183
188
|
storageAccountAccessKey: vulnerabilityAssessment.storageAccessKey,
|
|
184
189
|
storageEndpoint: vulnerabilityAssessment.storageEndpoint,
|
|
185
|
-
state:
|
|
190
|
+
state: "Enabled",
|
|
186
191
|
});
|
|
187
192
|
//ServerVulnerabilityAssessment
|
|
188
193
|
new sql.ServerVulnerabilityAssessment(name, {
|
|
@@ -198,31 +203,53 @@ exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, netwo
|
|
|
198
203
|
storageAccountAccessKey: vulnerabilityAssessment.storageAccessKey,
|
|
199
204
|
});
|
|
200
205
|
}
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
(0, CustomHelper_1.addCustomSecret)({
|
|
216
|
-
name: d.name,
|
|
217
|
-
value: connectionString,
|
|
218
|
-
vaultInfo,
|
|
219
|
-
contentType: `Sql ${d.name} Connection String`,
|
|
220
|
-
dependsOn: d.resource,
|
|
221
|
-
});
|
|
222
|
-
}
|
|
223
|
-
return d;
|
|
206
|
+
if (encryptKey) {
|
|
207
|
+
// Enable a server key in the SQL Server with reference to the Key Vault Key
|
|
208
|
+
new sql.ServerKey(`${sqlName}-serverKey`, {
|
|
209
|
+
resourceGroupName: group.resourceGroupName,
|
|
210
|
+
serverName: sqlName,
|
|
211
|
+
serverKeyType: "AzureKeyVault",
|
|
212
|
+
keyName: encryptKey.apply((c) => c.name),
|
|
213
|
+
uri: encryptKey.apply((c) => `${c.properties.vaultUrl}/keys/${c.name}`),
|
|
214
|
+
});
|
|
215
|
+
new sql.EncryptionProtector(`${sqlName}-encryptionProtector`, {
|
|
216
|
+
resourceGroupName: group.resourceGroupName,
|
|
217
|
+
serverName: sqlName,
|
|
218
|
+
serverKeyType: "AzureKeyVault",
|
|
219
|
+
autoRotationEnabled: true,
|
|
224
220
|
});
|
|
225
221
|
}
|
|
222
|
+
const dbs = databases?.map((db) => {
|
|
223
|
+
const d = (0, SqlDb_1.default)({
|
|
224
|
+
...db,
|
|
225
|
+
group,
|
|
226
|
+
sqlServerName: sqlName,
|
|
227
|
+
dependsOn: sqlServer,
|
|
228
|
+
elasticPoolId: ep ? ep.resource.id : undefined,
|
|
229
|
+
});
|
|
230
|
+
if (encryptKey) {
|
|
231
|
+
//Enable TransparentDataEncryption for each database
|
|
232
|
+
new sql.TransparentDataEncryption(`${sqlName}-${db.name}`, {
|
|
233
|
+
serverName: sqlName,
|
|
234
|
+
databaseName: db.name,
|
|
235
|
+
resourceGroupName: group.resourceGroupName,
|
|
236
|
+
state: "Enabled",
|
|
237
|
+
});
|
|
238
|
+
}
|
|
239
|
+
if (vaultInfo) {
|
|
240
|
+
const connectionString = auth?.adminLogin
|
|
241
|
+
? (0, pulumi_1.interpolate) `Data Source=${sqlName}.database.windows.net;Initial Catalog=${d.name};User Id=${auth.adminLogin};Password=${auth.password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=120;`
|
|
242
|
+
: (0, pulumi_1.interpolate) `Data Source=${sqlName}.database.windows.net;Initial Catalog=${d.name};Authentication=Active Directory Integrated;;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=120;`;
|
|
243
|
+
(0, CustomHelper_1.addCustomSecret)({
|
|
244
|
+
name: d.name,
|
|
245
|
+
value: connectionString,
|
|
246
|
+
vaultInfo,
|
|
247
|
+
contentType: `Sql ${d.name} Connection String`,
|
|
248
|
+
dependsOn: d.resource,
|
|
249
|
+
});
|
|
250
|
+
}
|
|
251
|
+
return d;
|
|
252
|
+
});
|
|
226
253
|
return {
|
|
227
254
|
name: sqlName,
|
|
228
255
|
resource: sqlServer,
|
|
@@ -231,4 +258,4 @@ exports.default = ({ name, auth, group, elasticPool, databases, vaultInfo, netwo
|
|
|
231
258
|
adminGroup,
|
|
232
259
|
};
|
|
233
260
|
};
|
|
234
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvU3FsL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsZ0RBQWdEO0FBQ2hELDJDQUFpRTtBQUdqRSx5Q0FBMkM7QUFDM0MsMkRBQXdEO0FBQ3hELGlEQUs0QjtBQUM1Qiw2Q0FBd0U7QUFDeEUsMkNBQW9DO0FBT3BDLDJDQUFrRDtBQUNsRCw2REFBNkQ7QUFDN0QsbUNBQW1EO0FBQ25ELDJEQUEyRDtBQUMzRCx1Q0FBZ0M7QUFZaEMsTUFBTSxpQkFBaUIsR0FBRyxDQUFDLEVBQ3pCLEtBQUssRUFDTCxJQUFJLEVBQ0osT0FBTztBQUNQLGtCQUFrQjtBQUNsQixjQUFjLEdBQUcsRUFBRSxFQUNuQixHQUFHLEdBQUcsRUFBRSxJQUFJLEVBQUUsZ0JBQUssQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLEVBQUUsRUFBRSxFQUMxRCxJQUFJLEdBQUcsSUFBSSxHQUNNLEVBQTZDLEVBQUU7SUFDaEUsb0JBQW9CO0lBQ3BCLE1BQU0sV0FBVyxHQUFHLElBQUEsMkJBQWtCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFN0MsTUFBTSxFQUFFLEdBQUcsSUFBSSxHQUFHLENBQUMsV0FBVyxDQUFDLFdBQVcsRUFBRTtRQUMxQyxlQUFlLEVBQUUsV0FBVztRQUM1QixVQUFVLEVBQUUsT0FBTztRQUNuQixHQUFHLEtBQUs7UUFFUixZQUFZLEVBQUUsZ0JBQUssQ0FBQyxDQUFDLENBQUMsY0FBYyxHQUFHLElBQUksR0FBRyxJQUFJLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxTQUFTO1FBQ3JFLEdBQUcsRUFBRTtZQUNILElBQUksRUFBRSxHQUFHLEdBQUcsQ0FBQyxJQUFJLE1BQU07WUFDdkIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ2QsUUFBUSxFQUFFLEdBQUcsQ0FBQyxRQUFRO1NBQ3ZCO1FBQ0QsbUJBQW1CLEVBQUU7WUFDbkIsV0FBVyxFQUFFLENBQUM7WUFDZCxXQUFXLEVBQUUsR0FBRyxDQUFDLElBQUksS0FBSyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLFFBQVE7U0FDckQ7UUFFRCxvREFBb0Q7UUFDcEQsdUJBQXVCO0tBQ3hCLENBQUMsQ0FBQztJQUVILElBQUksSUFBSSxFQUFFLENBQUM7UUFDVCxJQUFBLGdCQUFNLEVBQUMsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLEVBQUUsQ0FBQyxFQUFFLEVBQUUsU0FBUyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVELE9BQU8sRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLFFBQVEsRUFBRSxFQUFFLEVBQUUsQ0FBQztBQUM3QyxDQUFDLENBQUM7QUEwQ0Ysa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixJQUFJLEVBQ0osS0FBSyxFQUVMLFdBQVcsRUFDWCxTQUFTLEVBQ1QsU0FBUyxFQUVULE9BQU8sRUFDUCx1QkFBdUIsRUFDdkIsSUFBSSxHQUFHLElBQUksR0FDTCxFQUFFLEVBQUU7SUFDVixNQUFNLE9BQU8sR0FBRyxJQUFBLHlCQUFnQixFQUFDLElBQUksQ0FBQyxDQUFDO0lBRXZDLDRCQUE0QjtJQUM1Qiw4RUFBOEU7SUFDOUUsYUFBYTtJQUNiLG1DQUFtQztJQUNuQyxrQ0FBa0M7SUFDbEMsZ0NBQWdDO0lBQ2hDLE9BQU87SUFDUCxJQUFJO0lBRUosTUFBTSxVQUFVLEdBQUcsSUFBSSxFQUFFLHFCQUFxQjtRQUM1QyxDQUFDLENBQUMsSUFBSSxDQUFDLFlBQVk7WUFDakIsQ0FBQyxDQUFDLElBQUEsa0JBQVUsRUFBQyxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQztZQUNyQyxDQUFDLENBQUMsSUFBQSxjQUFJLEVBQUMsRUFBRSxHQUFHLEVBQUUscUJBQVUsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsQ0FBQztRQUNoRSxDQUFDLENBQUMsU0FBUyxDQUFDO0lBRWQsTUFBTSxhQUFhLEdBQUcsQ0FBQyxvQkFBb0IsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO0lBQy9ELElBQUksSUFBSSxDQUFDLHlCQUF5QjtRQUNoQyxhQUFhLENBQUMsSUFBSSxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFFbkQsTUFBTSxTQUFTLEdBQUcsSUFBSSxHQUFHLENBQUMsTUFBTSxDQUM5QixPQUFPLEVBQ1A7UUFDRSxVQUFVLEVBQUUsT0FBTztRQUNuQixHQUFHLEtBQUs7UUFDUixPQUFPLEVBQUUsTUFBTTtRQUNmLGlCQUFpQixFQUFFLEtBQUs7UUFFeEIsUUFBUSxFQUFFLEVBQUUsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1FBQ3BDLGtCQUFrQixFQUFFLElBQUksRUFBRSxVQUFVO1FBQ3BDLDBCQUEwQixFQUFFLElBQUksQ0FBQyx5QkFBeUI7WUFDeEQsQ0FBQyxDQUFDLFNBQVM7WUFDWCxDQUFDLENBQUMsSUFBSSxFQUFFLFFBQVE7UUFFbEIsY0FBYyxFQUNaLElBQUksRUFBRSxxQkFBcUIsSUFBSSxVQUFVO1lBQ3ZDLENBQUMsQ0FBQztnQkFDRSxpQkFBaUIsRUFBRSxHQUFHLENBQUMsaUJBQWlCLENBQUMsZUFBZTtnQkFDeEQseUJBQXlCLEVBQUUsSUFBSSxDQUFDLHlCQUF5QjtnQkFFekQsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhLENBQUMsS0FBSztnQkFDdEMsUUFBUSxFQUFSLG1CQUFRO2dCQUNSLEdBQUcsRUFBRSxVQUFVLENBQUMsUUFBUTtnQkFDeEIsS0FBSyxFQUFFLFVBQVUsQ0FBQyxXQUFXO2FBQzlCO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7UUFFZixtQkFBbUIsRUFBRSxPQUFPLEVBQUUsV0FBVztZQUN2QyxDQUFDLENBQUMsR0FBRyxDQUFDLHVCQUF1QixDQUFDLFFBQVE7WUFDdEMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyx1QkFBdUIsQ0FBQyxPQUFPO0tBRXhDLEVBQ0Q7UUFDRSxhQUFhO1FBQ2IsT0FBTyxFQUFFLElBQUk7S0FDZCxDQUNGLENBQUM7SUFFRixJQUFJLElBQUksRUFBRSxDQUFDO1FBQ1QsSUFBQSxnQkFBTSxFQUFDLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsU0FBUyxDQUFDLEVBQUUsRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztJQUM1RSxDQUFDO0lBRUQsTUFBTSxFQUFFLEdBQUcsV0FBVztRQUNwQixDQUFDLENBQUMsaUJBQWlCLENBQUM7WUFDaEIsSUFBSTtZQUNKLEtBQUs7WUFDTCxPQUFPLEVBQUUsU0FBUyxDQUFDLElBQUk7WUFDdkIsR0FBRyxFQUFFLFdBQVc7U0FDakIsQ0FBQztRQUNKLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFZCxJQUFJLE9BQU8sRUFBRSxRQUFRLEVBQUUsQ0FBQztRQUN0QixJQUFJLE9BQU8sQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUN4QixJQUFBLHlCQUFzQixFQUFDO2dCQUNyQixLQUFLO2dCQUNMLElBQUk7Z0JBQ0osVUFBVSxFQUFFLFNBQVMsQ0FBQyxFQUFFO2dCQUN4QixrQkFBa0IsRUFBRSxrQ0FBa0M7Z0JBQ3RELEdBQUcsT0FBTyxDQUFDLFdBQVc7Z0JBQ3RCLFFBQVEsRUFBRSxPQUFPLENBQUMsUUFBUTtnQkFDMUIsbUJBQW1CLEVBQUUsQ0FBQyxXQUFXLENBQUM7YUFDbkMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQzthQUFNLENBQUM7WUFDTixjQUFjO1lBQ2QsSUFBSSxHQUFHLENBQUMsa0JBQWtCLENBQUMsT0FBTyxFQUFFO2dCQUNsQyxzQkFBc0IsRUFBRSxHQUFHLE9BQU8sV0FBVztnQkFDN0MsVUFBVSxFQUFFLFNBQVMsQ0FBQyxJQUFJO2dCQUMxQixHQUFHLEtBQUs7Z0JBRVIsc0JBQXNCLEVBQUUsT0FBTyxDQUFDLFFBQVE7Z0JBQ3hDLGdDQUFnQyxFQUFFLEtBQUs7YUFDeEMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztJQUNILENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsSUFBSSxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsQ0FBQztRQUN0QyxJQUFJLEdBQUcsQ0FBQyxZQUFZLENBQUMsdUJBQXVCLEVBQUU7WUFDNUMsZ0JBQWdCLEVBQUUsdUJBQXVCO1lBQ3pDLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtZQUMxQixHQUFHLEtBQUs7WUFDUixjQUFjLEVBQUUsU0FBUztZQUN6QixZQUFZLEVBQUUsaUJBQWlCO1NBQ2hDLENBQUMsQ0FBQztJQUNMLENBQUM7U0FBTSxJQUFJLE9BQU8sRUFBRSxXQUFXLEVBQUUsQ0FBQztRQUNoQyxJQUFBLFlBQUcsRUFBQyxPQUFPLENBQUMsV0FBVyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FDckMsSUFBQSx5QkFBZ0IsRUFBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDbEMsTUFBTSxDQUFDLEdBQUcsR0FBRyxPQUFPLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFFbkMsT0FBTyxJQUFJLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQyxFQUFFO2dCQUM3QixnQkFBZ0IsRUFBRSxDQUFDO2dCQUNuQixVQUFVLEVBQUUsU0FBUyxDQUFDLElBQUk7Z0JBQzFCLEdBQUcsS0FBSztnQkFDUixjQUFjLEVBQUUsRUFBRSxDQUFDLEtBQUs7Z0JBQ3hCLFlBQVksRUFBRSxFQUFFLENBQUMsR0FBRzthQUNyQixDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FDSCxDQUFDO0lBQ0osQ0FBQztJQUVELElBQUksdUJBQXVCLEVBQUUsQ0FBQztRQUM1QiwwQkFBMEI7UUFDMUIsSUFBSSx1QkFBdUIsQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN6QyxJQUFBLCtCQUFjLEVBQUM7Z0JBQ2IsSUFBSTtnQkFDSixXQUFXLEVBQUUsU0FBUyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxXQUFXLElBQUksRUFBRSxDQUFDO2dCQUNsRSxhQUFhLEVBQUUsa0JBQWtCO2dCQUNqQyxRQUFRLEVBQUUsK0JBQStCO2dCQUN6QyxLQUFLLEVBQUUsdUJBQXVCLENBQUMsWUFBWTthQUM1QyxDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsY0FBYztRQUNkLElBQUksR0FBRyxDQUFDLGdDQUFnQyxDQUFDLElBQUksRUFBRTtZQUM3QyxxQkFBcUIsRUFBRTtnQkFDckIsMENBQTBDO2dCQUMxQyxzQ0FBc0M7Z0JBQ3RDLHVCQUF1QjthQUN4QjtZQUNELFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtZQUMxQixHQUFHLEtBQUs7WUFFUixzQkFBc0IsRUFBRSxTQUFTO1lBQ2pDLDJCQUEyQixFQUFFLElBQUk7WUFDakMsMEJBQTBCLEVBQUUsS0FBSztZQUNqQyxtQkFBbUIsRUFBRSwrQkFBK0I7WUFDcEQsWUFBWSxFQUFFLElBQUk7WUFDbEIsYUFBYSxFQUFFLGdCQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUM3QixLQUFLLEVBQUUsU0FBUztZQUNoQixvQkFBb0IsRUFBRSxJQUFJO1lBRTFCLHVCQUF1QixFQUFFLHVCQUF1QixDQUFDLGdCQUFnQjtZQUNqRSw0QkFBNEIsRUFBRSx5QkFBYztZQUM1QyxlQUFlLEVBQUUsdUJBQXVCLENBQUMsZUFBZTtTQUN6RCxDQUFDLENBQUM7UUFFSCwyQkFBMkI7UUFDM0IsSUFBSSxHQUFHLENBQUMseUJBQXlCLENBQUMsSUFBSSxFQUFFO1lBQ3RDLHVCQUF1QixFQUFFLElBQUk7WUFDN0IsR0FBRyxLQUFLO1lBQ1IsVUFBVSxFQUFFLFNBQVMsQ0FBQyxJQUFJO1lBQzFCLGtCQUFrQixFQUFFLENBQUMsdUJBQXVCLENBQUMsV0FBVztZQUN4RCxjQUFjLEVBQUUsdUJBQXVCLENBQUMsV0FBVztZQUVuRCxhQUFhLEVBQUUsQ0FBQztZQUVoQix1QkFBdUIsRUFBRSx1QkFBdUIsQ0FBQyxnQkFBZ0I7WUFDakUsZUFBZSxFQUFFLHVCQUF1QixDQUFDLGVBQWU7WUFDeEQsS0FBSyxFQUFFLFNBQVM7U0FDakIsQ0FBQyxDQUFDO1FBRUgsK0JBQStCO1FBQy9CLElBQUksR0FBRyxDQUFDLDZCQUE2QixDQUFDLElBQUksRUFBRTtZQUMxQywyQkFBMkIsRUFBRSxJQUFJO1lBQ2pDLEdBQUcsS0FBSztZQUNSLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtZQUUxQixjQUFjLEVBQUU7Z0JBQ2QsU0FBUyxFQUFFLElBQUk7Z0JBQ2YsdUJBQXVCLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXO2dCQUM3RCxNQUFNLEVBQUUsdUJBQXVCLENBQUMsV0FBVzthQUM1QztZQUVELG9CQUFvQixFQUFFLElBQUEsb0JBQVcsRUFBQSxHQUFHLHVCQUF1QixDQUFDLGVBQWUsSUFBSSxPQUFPLEVBQUU7WUFDeEYsdUJBQXVCLEVBQUUsdUJBQXVCLENBQUMsZ0JBQWdCO1NBQ2xFLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxJQUFJLEdBQThELENBQUM7SUFDbkUsSUFBSSxTQUFTLEVBQUUsQ0FBQztRQUNkLEdBQUcsR0FBRyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUU7WUFDekIsTUFBTSxDQUFDLEdBQUcsSUFBQSxlQUFZLEVBQUM7Z0JBQ3JCLEdBQUcsRUFBRTtnQkFDTCxLQUFLO2dCQUNMLGFBQWEsRUFBRSxPQUFPO2dCQUN0QixTQUFTLEVBQUUsU0FBUztnQkFDcEIsYUFBYSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7YUFDL0MsQ0FBQyxDQUFDO1lBRUgsSUFBSSxTQUFTLEVBQUUsQ0FBQztnQkFDZCxNQUFNLGdCQUFnQixHQUFHLElBQUksRUFBRSxVQUFVO29CQUN2QyxDQUFDLENBQUMsSUFBQSxvQkFBVyxFQUFBLGVBQWUsT0FBTyx5Q0FBeUMsQ0FBQyxDQUFDLElBQUksWUFBWSxJQUFJLENBQUMsVUFBVSxhQUFhLElBQUksQ0FBQyxRQUFRLG1HQUFtRztvQkFDMU8sQ0FBQyxDQUFDLElBQUEsb0JBQVcsRUFBQSxlQUFlLE9BQU8seUNBQXlDLENBQUMsQ0FBQyxJQUFJLCtJQUErSSxDQUFDO2dCQUVwTyxJQUFBLDhCQUFlLEVBQUM7b0JBQ2QsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJO29CQUNaLEtBQUssRUFBRSxnQkFBZ0I7b0JBQ3ZCLFNBQVM7b0JBQ1QsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFDLElBQUksb0JBQW9CO29CQUM5QyxTQUFTLEVBQUUsQ0FBQyxDQUFDLFFBQVE7aUJBRXRCLENBQUMsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLENBQUMsQ0FBQztRQUNYLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU87UUFDTCxJQUFJLEVBQUUsT0FBTztRQUNiLFFBQVEsRUFBRSxTQUFTO1FBQ25CLFdBQVcsRUFBRSxFQUFFO1FBQ2YsU0FBUyxFQUFFLEdBQUc7UUFDZCxVQUFVO0tBQ1gsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
|
|
261
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvU3FsL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsZ0RBQWdEO0FBQ2hELDJDQUFpRTtBQUNqRSwrQ0FBc0Q7QUFFdEQseUNBQTJDO0FBQzNDLDJEQUF3RDtBQUN4RCxpREFLNEI7QUFDNUIsNkNBQXdFO0FBQ3hFLDJDQUFvQztBQU9wQywyQ0FBa0Q7QUFDbEQsNkRBQTZEO0FBQzdELG1DQUFtRDtBQUNuRCwyREFBMkQ7QUFDM0QsdUNBQWdDO0FBWWhDLE1BQU0saUJBQWlCLEdBQUcsQ0FBQyxFQUN6QixLQUFLLEVBQ0wsSUFBSSxFQUNKLE9BQU87QUFDUCxrQkFBa0I7QUFDbEIsY0FBYyxHQUFHLEVBQUUsRUFDbkIsR0FBRyxHQUFHLEVBQUUsSUFBSSxFQUFFLGdCQUFLLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLFFBQVEsRUFBRSxFQUFFLEVBQUUsRUFDMUQsSUFBSSxHQUFHLElBQUksR0FDTSxFQUE2QyxFQUFFO0lBQ2hFLG9CQUFvQjtJQUNwQixNQUFNLFdBQVcsR0FBRyxJQUFBLDJCQUFrQixFQUFDLElBQUksQ0FBQyxDQUFDO0lBRTdDLE1BQU0sRUFBRSxHQUFHLElBQUksR0FBRyxDQUFDLFdBQVcsQ0FBQyxXQUFXLEVBQUU7UUFDMUMsZUFBZSxFQUFFLFdBQVc7UUFDNUIsVUFBVSxFQUFFLE9BQU87UUFDbkIsR0FBRyxLQUFLO1FBRVIsWUFBWSxFQUFFLGdCQUFLLENBQUMsQ0FBQyxDQUFDLGNBQWMsR0FBRyxJQUFJLEdBQUcsSUFBSSxHQUFHLElBQUksQ0FBQyxDQUFDLENBQUMsU0FBUztRQUNyRSxHQUFHLEVBQUU7WUFDSCxJQUFJLEVBQUUsR0FBRyxHQUFHLENBQUMsSUFBSSxNQUFNO1lBQ3ZCLElBQUksRUFBRSxHQUFHLENBQUMsSUFBSTtZQUNkLFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtTQUN2QjtRQUNELG1CQUFtQixFQUFFO1lBQ25CLFdBQVcsRUFBRSxDQUFDO1lBQ2QsV0FBVyxFQUFFLEdBQUcsQ0FBQyxJQUFJLEtBQUssT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxRQUFRO1NBQ3JEO1FBQ0QsYUFBYSxFQUFFLGdCQUFLO1FBQ3BCLG9EQUFvRDtRQUNwRCx1QkFBdUI7S0FDeEIsQ0FBQyxDQUFDO0lBRUgsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNULElBQUEsZ0JBQU0sRUFBQyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsRUFBRSxDQUFDLEVBQUUsRUFBRSxTQUFTLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUQsT0FBTyxFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsUUFBUSxFQUFFLEVBQUUsRUFBRSxDQUFDO0FBQzdDLENBQUMsQ0FBQztBQTJDRixrQkFBZSxDQUFDLEVBQ2QsSUFBSSxFQUNKLElBQUksRUFDSixLQUFLLEVBQ0wsZ0JBQWdCLEVBQ2hCLFdBQVcsRUFDWCxTQUFTLEVBQ1QsU0FBUyxFQUVULE9BQU8sRUFDUCx1QkFBdUIsRUFDdkIsSUFBSSxHQUFHLElBQUksR0FDTCxFQUFFLEVBQUU7SUFDVixNQUFNLE9BQU8sR0FBRyxJQUFBLHlCQUFnQixFQUFDLElBQUksQ0FBQyxDQUFDO0lBQ3ZDLE1BQU0sVUFBVSxHQUFHLGdCQUFnQjtRQUNqQyxDQUFDLENBQUMsSUFBQSx5QkFBZ0IsRUFBQyxJQUFJLEVBQUUsU0FBUyxDQUFDO1FBQ25DLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFDZCw0QkFBNEI7SUFDNUIsOEVBQThFO0lBQzlFLGFBQWE7SUFDYixtQ0FBbUM7SUFDbkMsa0NBQWtDO0lBQ2xDLGdDQUFnQztJQUNoQyxPQUFPO0lBQ1AsSUFBSTtJQUVKLE1BQU0sVUFBVSxHQUFHLElBQUksRUFBRSxxQkFBcUI7UUFDNUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxZQUFZO1lBQ2pCLENBQUMsQ0FBQyxJQUFBLGtCQUFVLEVBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUM7WUFDckMsQ0FBQyxDQUFDLElBQUEsY0FBSSxFQUFDLEVBQUUsR0FBRyxFQUFFLHFCQUFVLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDaEUsQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUVkLE1BQU0sYUFBYSxHQUFHLENBQUMsb0JBQW9CLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQztJQUMvRCxJQUFJLElBQUksQ0FBQyx5QkFBeUI7UUFDaEMsYUFBYSxDQUFDLElBQUksQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBRW5ELE1BQU0sU0FBUyxHQUFHLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FDOUIsT0FBTyxFQUNQO1FBQ0UsVUFBVSxFQUFFLE9BQU87UUFDbkIsR0FBRyxLQUFLO1FBQ1IsT0FBTyxFQUFFLE1BQU07UUFDZixpQkFBaUIsRUFBRSxLQUFLO1FBRXhCLFFBQVEsRUFBRSxFQUFFLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtRQUNwQyxrQkFBa0IsRUFBRSxJQUFJLEVBQUUsVUFBVTtRQUNwQywwQkFBMEIsRUFBRSxJQUFJLENBQUMseUJBQXlCO1lBQ3hELENBQUMsQ0FBQyxTQUFTO1lBQ1gsQ0FBQyxDQUFDLElBQUksRUFBRSxRQUFRO1FBRWxCLGNBQWMsRUFDWixJQUFJLEVBQUUscUJBQXFCLElBQUksVUFBVTtZQUN2QyxDQUFDLENBQUM7Z0JBQ0UsaUJBQWlCLEVBQUUsR0FBRyxDQUFDLGlCQUFpQixDQUFDLGVBQWU7Z0JBQ3hELHlCQUF5QixFQUFFLElBQUksQ0FBQyx5QkFBeUI7Z0JBRXpELGFBQWEsRUFBRSxHQUFHLENBQUMsYUFBYSxDQUFDLEtBQUs7Z0JBQ3RDLFFBQVEsRUFBUixtQkFBUTtnQkFDUixHQUFHLEVBQUUsVUFBVSxDQUFDLFFBQVE7Z0JBQ3hCLEtBQUssRUFBRSxVQUFVLENBQUMsV0FBVzthQUM5QjtZQUNILENBQUMsQ0FBQyxTQUFTO1FBRWYsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLFdBQVc7WUFDdkMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyx1QkFBdUIsQ0FBQyxRQUFRO1lBQ3RDLENBQUMsQ0FBQyxHQUFHLENBQUMsdUJBQXVCLENBQUMsT0FBTztLQUN4QyxFQUNEO1FBQ0UsYUFBYTtRQUNiLE9BQU8sRUFBRSxJQUFJO0tBQ2QsQ0FDRixDQUFDO0lBRUYsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNULElBQUEsZ0JBQU0sRUFBQyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLFNBQVMsQ0FBQyxFQUFFLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDNUUsQ0FBQztJQUVELE1BQU0sRUFBRSxHQUFHLFdBQVc7UUFDcEIsQ0FBQyxDQUFDLGlCQUFpQixDQUFDO1lBQ2hCLElBQUk7WUFDSixLQUFLO1lBQ0wsT0FBTyxFQUFFLFNBQVMsQ0FBQyxJQUFJO1lBQ3ZCLEdBQUcsRUFBRSxXQUFXO1NBQ2pCLENBQUM7UUFDSixDQUFDLENBQUMsU0FBUyxDQUFDO0lBRWQsSUFBSSxPQUFPLEVBQUUsUUFBUSxFQUFFLENBQUM7UUFDdEIsSUFBSSxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDeEIsSUFBQSx5QkFBc0IsRUFBQztnQkFDckIsS0FBSztnQkFDTCxJQUFJO2dCQUNKLFVBQVUsRUFBRSxTQUFTLENBQUMsRUFBRTtnQkFDeEIsa0JBQWtCLEVBQUUsa0NBQWtDO2dCQUN0RCxHQUFHLE9BQU8sQ0FBQyxXQUFXO2dCQUN0QixRQUFRLEVBQUUsT0FBTyxDQUFDLFFBQVE7Z0JBQzFCLG1CQUFtQixFQUFFLENBQUMsV0FBVyxDQUFDO2FBQ25DLENBQUMsQ0FBQztRQUNMLENBQUM7YUFBTSxDQUFDO1lBQ04sY0FBYztZQUNkLElBQUksR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sRUFBRTtnQkFDbEMsc0JBQXNCLEVBQUUsR0FBRyxPQUFPLFdBQVc7Z0JBQzdDLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtnQkFDMUIsR0FBRyxLQUFLO2dCQUVSLHNCQUFzQixFQUFFLE9BQU8sQ0FBQyxRQUFRO2dCQUN4QyxnQ0FBZ0MsRUFBRSxLQUFLO2FBQ3hDLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLElBQUksT0FBTyxFQUFFLHdCQUF3QixFQUFFLENBQUM7UUFDdEMsSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLHVCQUF1QixFQUFFO1lBQzVDLGdCQUFnQixFQUFFLHVCQUF1QjtZQUN6QyxVQUFVLEVBQUUsU0FBUyxDQUFDLElBQUk7WUFDMUIsR0FBRyxLQUFLO1lBQ1IsY0FBYyxFQUFFLFNBQVM7WUFDekIsWUFBWSxFQUFFLGlCQUFpQjtTQUNoQyxDQUFDLENBQUM7SUFDTCxDQUFDO1NBQU0sSUFBSSxPQUFPLEVBQUUsV0FBVyxFQUFFLENBQUM7UUFDaEMsSUFBQSxZQUFHLEVBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQ3JDLElBQUEseUJBQWdCLEVBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRSxFQUFFO1lBQ2xDLE1BQU0sQ0FBQyxHQUFHLEdBQUcsT0FBTyxXQUFXLENBQUMsRUFBRSxDQUFDO1lBRW5DLE9BQU8sSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLENBQUMsRUFBRTtnQkFDN0IsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDbkIsVUFBVSxFQUFFLFNBQVMsQ0FBQyxJQUFJO2dCQUMxQixHQUFHLEtBQUs7Z0JBQ1IsY0FBYyxFQUFFLEVBQUUsQ0FBQyxLQUFLO2dCQUN4QixZQUFZLEVBQUUsRUFBRSxDQUFDLEdBQUc7YUFDckIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQ0gsQ0FBQztJQUNKLENBQUM7SUFFRCxJQUFJLHVCQUF1QixFQUFFLENBQUM7UUFDNUIsMEJBQTBCO1FBQzFCLElBQUksdUJBQXVCLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDekMsSUFBQSwrQkFBYyxFQUFDO2dCQUNiLElBQUk7Z0JBQ0osV0FBVyxFQUFFLFNBQVMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEVBQUUsV0FBVyxJQUFJLEVBQUUsQ0FBQztnQkFDbEUsYUFBYSxFQUFFLGtCQUFrQjtnQkFDakMsUUFBUSxFQUFFLCtCQUErQjtnQkFDekMsS0FBSyxFQUFFLHVCQUF1QixDQUFDLFlBQVk7YUFDNUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELGNBQWM7UUFDZCxJQUFJLEdBQUcsQ0FBQyxnQ0FBZ0MsQ0FBQyxJQUFJLEVBQUU7WUFDN0MscUJBQXFCLEVBQUU7Z0JBQ3JCLDBDQUEwQztnQkFDMUMsc0NBQXNDO2dCQUN0Qyx1QkFBdUI7YUFDeEI7WUFDRCxVQUFVLEVBQUUsU0FBUyxDQUFDLElBQUk7WUFDMUIsR0FBRyxLQUFLO1lBRVIsc0JBQXNCLEVBQUUsU0FBUztZQUNqQywyQkFBMkIsRUFBRSxJQUFJO1lBQ2pDLDBCQUEwQixFQUFFLEtBQUs7WUFDakMsbUJBQW1CLEVBQUUsK0JBQStCO1lBQ3BELFlBQVksRUFBRSxJQUFJO1lBQ2xCLGFBQWEsRUFBRSxnQkFBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDN0IsS0FBSyxFQUFFLFNBQVM7WUFDaEIsb0JBQW9CLEVBQUUsSUFBSTtZQUUxQix1QkFBdUIsRUFBRSx1QkFBdUIsQ0FBQyxnQkFBZ0I7WUFDakUsNEJBQTRCLEVBQUUseUJBQWM7WUFDNUMsZUFBZSxFQUFFLHVCQUF1QixDQUFDLGVBQWU7U0FDekQsQ0FBQyxDQUFDO1FBRUgsMkJBQTJCO1FBQzNCLElBQUksR0FBRyxDQUFDLHlCQUF5QixDQUFDLElBQUksRUFBRTtZQUN0Qyx1QkFBdUIsRUFBRSxJQUFJO1lBQzdCLEdBQUcsS0FBSztZQUNSLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtZQUMxQixrQkFBa0IsRUFBRSxDQUFDLHVCQUF1QixDQUFDLFdBQVc7WUFDeEQsY0FBYyxFQUFFLHVCQUF1QixDQUFDLFdBQVc7WUFFbkQsYUFBYSxFQUFFLENBQUM7WUFFaEIsdUJBQXVCLEVBQUUsdUJBQXVCLENBQUMsZ0JBQWdCO1lBQ2pFLGVBQWUsRUFBRSx1QkFBdUIsQ0FBQyxlQUFlO1lBQ3hELEtBQUssRUFBRSxTQUFTO1NBQ2pCLENBQUMsQ0FBQztRQUVILCtCQUErQjtRQUMvQixJQUFJLEdBQUcsQ0FBQyw2QkFBNkIsQ0FBQyxJQUFJLEVBQUU7WUFDMUMsMkJBQTJCLEVBQUUsSUFBSTtZQUNqQyxHQUFHLEtBQUs7WUFDUixVQUFVLEVBQUUsU0FBUyxDQUFDLElBQUk7WUFFMUIsY0FBYyxFQUFFO2dCQUNkLFNBQVMsRUFBRSxJQUFJO2dCQUNmLHVCQUF1QixFQUFFLENBQUMsdUJBQXVCLENBQUMsV0FBVztnQkFDN0QsTUFBTSxFQUFFLHVCQUF1QixDQUFDLFdBQVc7YUFDNUM7WUFFRCxvQkFBb0IsRUFBRSxJQUFBLG9CQUFXLEVBQUEsR0FBRyx1QkFBdUIsQ0FBQyxlQUFlLElBQUksT0FBTyxFQUFFO1lBQ3hGLHVCQUF1QixFQUFFLHVCQUF1QixDQUFDLGdCQUFnQjtTQUNsRSxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsSUFBSSxVQUFVLEVBQUUsQ0FBQztRQUNmLDRFQUE0RTtRQUM1RSxJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsR0FBRyxPQUFPLFlBQVksRUFBRTtZQUN4QyxpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO1lBQzFDLFVBQVUsRUFBRSxPQUFPO1lBQ25CLGFBQWEsRUFBRSxlQUFlO1lBQzlCLE9BQU8sRUFBRSxVQUFVLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFFLENBQUMsSUFBSSxDQUFDO1lBQ3pDLEdBQUcsRUFBRSxVQUFVLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUUsQ0FBQyxVQUFVLENBQUMsUUFBUSxTQUFTLENBQUUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztTQUMxRSxDQUFDLENBQUM7UUFFSCxJQUFJLEdBQUcsQ0FBQyxtQkFBbUIsQ0FBQyxHQUFHLE9BQU8sc0JBQXNCLEVBQUU7WUFDNUQsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtZQUMxQyxVQUFVLEVBQUUsT0FBTztZQUNuQixhQUFhLEVBQUUsZUFBZTtZQUM5QixtQkFBbUIsRUFBRSxJQUFJO1NBQzFCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxNQUFNLEdBQUcsR0FBRyxTQUFTLEVBQUUsR0FBRyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUU7UUFDaEMsTUFBTSxDQUFDLEdBQUcsSUFBQSxlQUFZLEVBQUM7WUFDckIsR0FBRyxFQUFFO1lBQ0wsS0FBSztZQUNMLGFBQWEsRUFBRSxPQUFPO1lBQ3RCLFNBQVMsRUFBRSxTQUFTO1lBQ3BCLGFBQWEsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1NBQy9DLENBQUMsQ0FBQztRQUVILElBQUksVUFBVSxFQUFFLENBQUM7WUFDZixvREFBb0Q7WUFDcEQsSUFBSSxHQUFHLENBQUMseUJBQXlCLENBQUMsR0FBRyxPQUFPLElBQUksRUFBRSxDQUFDLElBQUksRUFBRSxFQUFFO2dCQUN6RCxVQUFVLEVBQUUsT0FBTztnQkFDbkIsWUFBWSxFQUFFLEVBQUUsQ0FBQyxJQUFJO2dCQUNyQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO2dCQUMxQyxLQUFLLEVBQUUsU0FBUzthQUNqQixDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSxTQUFTLEVBQUUsQ0FBQztZQUNkLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxFQUFFLFVBQVU7Z0JBQ3ZDLENBQUMsQ0FBQyxJQUFBLG9CQUFXLEVBQUEsZUFBZSxPQUFPLHlDQUF5QyxDQUFDLENBQUMsSUFBSSxZQUFZLElBQUksQ0FBQyxVQUFVLGFBQWEsSUFBSSxDQUFDLFFBQVEsbUdBQW1HO2dCQUMxTyxDQUFDLENBQUMsSUFBQSxvQkFBVyxFQUFBLGVBQWUsT0FBTyx5Q0FBeUMsQ0FBQyxDQUFDLElBQUksK0lBQStJLENBQUM7WUFFcE8sSUFBQSw4QkFBZSxFQUFDO2dCQUNkLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSTtnQkFDWixLQUFLLEVBQUUsZ0JBQWdCO2dCQUN2QixTQUFTO2dCQUNULFdBQVcsRUFBRSxPQUFPLENBQUMsQ0FBQyxJQUFJLG9CQUFvQjtnQkFDOUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxRQUFRO2FBQ3RCLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxPQUFPLENBQUMsQ0FBQztJQUNYLENBQUMsQ0FBQyxDQUFDO0lBRUgsT0FBTztRQUNMLElBQUksRUFBRSxPQUFPO1FBQ2IsUUFBUSxFQUFFLFNBQVM7UUFDbkIsV0FBVyxFQUFFLEVBQUU7UUFDZixTQUFTLEVBQUUsR0FBRztRQUNkLFVBQVU7S0FDWCxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=
|
package/Storage/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { KeyVaultInfo, BasicResourceArgs } from
|
|
2
|
-
import { Input } from
|
|
3
|
-
import { DefaultManagementRules, ManagementRules } from
|
|
1
|
+
import { KeyVaultInfo, BasicResourceArgs } from "../types";
|
|
2
|
+
import { Input } from "@pulumi/pulumi";
|
|
3
|
+
import { DefaultManagementRules, ManagementRules } from "./ManagementRules";
|
|
4
4
|
type ContainerProps = {
|
|
5
5
|
name: string;
|
|
6
6
|
public?: boolean;
|
package/Storage/index.js
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const storage = require("@pulumi/azure-native/storage");
|
|
4
|
-
const pulumi_1 = require("@pulumi/pulumi");
|
|
5
4
|
const Helpers_1 = require("../Logs/Helpers");
|
|
6
5
|
const Helper_1 = require("../KeyVault/Helper");
|
|
7
6
|
const AzureEnv_1 = require("../Common/AzureEnv");
|
|
@@ -10,22 +9,17 @@ const Naming_1 = require("../Common/Naming");
|
|
|
10
9
|
const CustomHelper_1 = require("../KeyVault/CustomHelper");
|
|
11
10
|
const Locker_1 = require("../Core/Locker");
|
|
12
11
|
const ManagementRules_1 = require("./ManagementRules");
|
|
13
|
-
const KeyVaultBase_1 = require("@drunk-pulumi/azure-providers/AzBase/KeyVaultBase");
|
|
14
|
-
const getEncryptionKey = (name, vaultInfo) => {
|
|
15
|
-
const n = `${name}-encrypt-key`;
|
|
16
|
-
return (0, pulumi_1.output)((0, KeyVaultBase_1.getKeyVaultBase)(vaultInfo.name).getOrCreateKey(n));
|
|
17
|
-
};
|
|
18
12
|
/** Storage Creator */
|
|
19
13
|
exports.default = ({ name, group, customDomain, allowsCors, vaultInfo, defaultManagementRules, containers = [], queues = [], fileShares = [],
|
|
20
14
|
//appInsight,
|
|
21
15
|
network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock = true, }) => {
|
|
22
16
|
name = (0, Naming_1.getStorageName)(name);
|
|
23
|
-
const primaryKeyName = (0, Naming_1.getKeyName)(name,
|
|
24
|
-
const secondaryKeyName = (0, Naming_1.getKeyName)(name,
|
|
25
|
-
const primaryConnectionKeyName = (0, Naming_1.getConnectionName)(name,
|
|
26
|
-
const secondConnectionKeyName = (0, Naming_1.getConnectionName)(name,
|
|
17
|
+
const primaryKeyName = (0, Naming_1.getKeyName)(name, "primary");
|
|
18
|
+
const secondaryKeyName = (0, Naming_1.getKeyName)(name, "secondary");
|
|
19
|
+
const primaryConnectionKeyName = (0, Naming_1.getConnectionName)(name, "primary");
|
|
20
|
+
const secondConnectionKeyName = (0, Naming_1.getConnectionName)(name, "secondary");
|
|
27
21
|
const encryptionKey = featureFlags.enableKeyVaultEncryption
|
|
28
|
-
? getEncryptionKey(name, vaultInfo)
|
|
22
|
+
? (0, Helper_1.getEncryptionKey)(name, vaultInfo)
|
|
29
23
|
: undefined;
|
|
30
24
|
//To fix identity issue then using this approach https://github.com/pulumi/pulumi-azure-native/blob/master/examples/keyvault/index.ts
|
|
31
25
|
const stg = new storage.StorageAccount(name, {
|
|
@@ -37,13 +31,13 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
37
31
|
? storage.SkuName.Standard_ZRS //Zone redundant in PRD
|
|
38
32
|
: storage.SkuName.Standard_LRS,
|
|
39
33
|
},
|
|
40
|
-
accessTier:
|
|
34
|
+
accessTier: "Hot",
|
|
41
35
|
isHnsEnabled: true,
|
|
42
36
|
enableHttpsTrafficOnly: true,
|
|
43
37
|
allowBlobPublicAccess: policies?.allowBlobPublicAccess,
|
|
44
38
|
allowSharedKeyAccess: featureFlags.allowSharedKeyAccess,
|
|
45
|
-
identity: { type:
|
|
46
|
-
minimumTlsVersion:
|
|
39
|
+
identity: { type: "SystemAssigned" },
|
|
40
|
+
minimumTlsVersion: "TLS1_2",
|
|
47
41
|
//1 Year Months
|
|
48
42
|
keyPolicy: {
|
|
49
43
|
keyExpirationPeriodInDays: policies.keyExpirationPeriodInDays || 365,
|
|
@@ -69,7 +63,7 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
69
63
|
: undefined,
|
|
70
64
|
sasPolicy: {
|
|
71
65
|
expirationAction: storage.ExpirationAction.Log,
|
|
72
|
-
sasExpirationPeriod:
|
|
66
|
+
sasExpirationPeriod: "00.00:30:00",
|
|
73
67
|
},
|
|
74
68
|
customDomain: customDomain && !featureFlags.enableStaticWebsite
|
|
75
69
|
? { name: customDomain, useSubDomainName: true }
|
|
@@ -83,19 +77,19 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
83
77
|
// },
|
|
84
78
|
networkRuleSet: network
|
|
85
79
|
? {
|
|
86
|
-
bypass:
|
|
87
|
-
defaultAction:
|
|
80
|
+
bypass: "Logging, Metrics",
|
|
81
|
+
defaultAction: "Allow",
|
|
88
82
|
virtualNetworkRules: network.subnetId
|
|
89
83
|
? [{ virtualNetworkResourceId: network.subnetId }]
|
|
90
84
|
: undefined,
|
|
91
85
|
ipRules: network.ipAddresses
|
|
92
86
|
? network.ipAddresses.map((i) => ({
|
|
93
87
|
iPAddressOrRange: i,
|
|
94
|
-
action:
|
|
88
|
+
action: "Allow",
|
|
95
89
|
}))
|
|
96
90
|
: undefined,
|
|
97
91
|
}
|
|
98
|
-
: { defaultAction:
|
|
92
|
+
: { defaultAction: "Allow" },
|
|
99
93
|
});
|
|
100
94
|
//Soft Delete
|
|
101
95
|
if (policies) {
|
|
@@ -149,8 +143,8 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
149
143
|
new storage.StorageAccountStaticWebsite(name, {
|
|
150
144
|
accountName: stg.name,
|
|
151
145
|
...group,
|
|
152
|
-
indexDocument:
|
|
153
|
-
error404Document:
|
|
146
|
+
indexDocument: "index.html",
|
|
147
|
+
error404Document: "index.html",
|
|
154
148
|
}, { dependsOn: stg });
|
|
155
149
|
// if (appInsight && customDomain) {
|
|
156
150
|
// addInsightMonitor({ name, appInsight, url: customDomain });
|
|
@@ -178,7 +172,7 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
178
172
|
...group,
|
|
179
173
|
accountName: stg.name,
|
|
180
174
|
//denyEncryptionScopeOverride: true,
|
|
181
|
-
publicAccess: c.public ?
|
|
175
|
+
publicAccess: c.public ? "Blob" : "None",
|
|
182
176
|
});
|
|
183
177
|
if (c.managementRules) {
|
|
184
178
|
(0, ManagementRules_1.createManagementRules)({
|
|
@@ -211,7 +205,7 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
211
205
|
stg.id.apply(async (id) => {
|
|
212
206
|
if (!id)
|
|
213
207
|
return;
|
|
214
|
-
stg.identity.apply((i) => console.log(
|
|
208
|
+
stg.identity.apply((i) => console.log("Add this ID into Key Vault ReadOnly Group to allows custom key encryption:", i.principalId));
|
|
215
209
|
const keys = (await storage.listStorageAccountKeys({
|
|
216
210
|
accountName: name,
|
|
217
211
|
resourceGroupName: group.resourceGroupName,
|
|
@@ -224,7 +218,7 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
224
218
|
//Keys
|
|
225
219
|
(0, CustomHelper_1.addCustomSecrets)({
|
|
226
220
|
vaultInfo,
|
|
227
|
-
contentType:
|
|
221
|
+
contentType: "Storage",
|
|
228
222
|
formattedName: true,
|
|
229
223
|
items: [
|
|
230
224
|
{
|
|
@@ -260,4 +254,4 @@ network, featureFlags = {}, policies = { keyExpirationPeriodInDays: 365 }, lock
|
|
|
260
254
|
: undefined,
|
|
261
255
|
};
|
|
262
256
|
};
|
|
263
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
257
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvU3RvcmFnZS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHdEQUF3RDtBQUl4RCw2Q0FBeUQ7QUFDekQsK0NBQWlFO0FBQ2pFLGlEQUEyQztBQUMzQywrQ0FBdUM7QUFFdkMsNkNBSTBCO0FBQzFCLDJEQUE0RDtBQUM1RCwyQ0FBb0M7QUFDcEMsdURBSTJCO0FBdUQzQixzQkFBc0I7QUFDdEIsa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixLQUFLLEVBQ0wsWUFBWSxFQUNaLFVBQVUsRUFDVixTQUFTLEVBQ1Qsc0JBQXNCLEVBQ3RCLFVBQVUsR0FBRyxFQUFFLEVBQ2YsTUFBTSxHQUFHLEVBQUUsRUFDWCxVQUFVLEdBQUcsRUFBRTtBQUNmLGFBQWE7QUFDYixPQUFPLEVBQ1AsWUFBWSxHQUFHLEVBQUUsRUFDakIsUUFBUSxHQUFHLEVBQUUseUJBQXlCLEVBQUUsR0FBRyxFQUFFLEVBQzdDLElBQUksR0FBRyxJQUFJLEdBQ0UsRUFBRSxFQUFFO0lBQ2pCLElBQUksR0FBRyxJQUFBLHVCQUFjLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFNUIsTUFBTSxjQUFjLEdBQUcsSUFBQSxtQkFBVSxFQUFDLElBQUksRUFBRSxTQUFTLENBQUMsQ0FBQztJQUNuRCxNQUFNLGdCQUFnQixHQUFHLElBQUEsbUJBQVUsRUFBQyxJQUFJLEVBQUUsV0FBVyxDQUFDLENBQUM7SUFDdkQsTUFBTSx3QkFBd0IsR0FBRyxJQUFBLDBCQUFpQixFQUFDLElBQUksRUFBRSxTQUFTLENBQUMsQ0FBQztJQUNwRSxNQUFNLHVCQUF1QixHQUFHLElBQUEsMEJBQWlCLEVBQUMsSUFBSSxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3JFLE1BQU0sYUFBYSxHQUFHLFlBQVksQ0FBQyx3QkFBd0I7UUFDekQsQ0FBQyxDQUFDLElBQUEseUJBQWdCLEVBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQztRQUNuQyxDQUFDLENBQUMsU0FBUyxDQUFDO0lBRWQscUlBQXFJO0lBQ3JJLE1BQU0sR0FBRyxHQUFHLElBQUksT0FBTyxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUU7UUFDM0MsV0FBVyxFQUFFLElBQUk7UUFDakIsR0FBRyxLQUFLO1FBRVIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxJQUFJLENBQUMsU0FBUztRQUM1QixHQUFHLEVBQUU7WUFDSCxJQUFJLEVBQUUsZ0JBQUs7Z0JBQ1QsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLHVCQUF1QjtnQkFDdEQsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsWUFBWTtTQUNqQztRQUNELFVBQVUsRUFBRSxLQUFLO1FBRWpCLFlBQVksRUFBRSxJQUFJO1FBQ2xCLHNCQUFzQixFQUFFLElBQUk7UUFDNUIscUJBQXFCLEVBQUUsUUFBUSxFQUFFLHFCQUFxQjtRQUN0RCxvQkFBb0IsRUFBRSxZQUFZLENBQUMsb0JBQW9CO1FBQ3ZELFFBQVEsRUFBRSxFQUFFLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtRQUNwQyxpQkFBaUIsRUFBRSxRQUFRO1FBRTNCLGVBQWU7UUFDZixTQUFTLEVBQUU7WUFDVCx5QkFBeUIsRUFBRSxRQUFRLENBQUMseUJBQXlCLElBQUksR0FBRztTQUNyRTtRQUVELFVBQVUsRUFBRSxhQUFhO1lBQ3ZCLENBQUMsQ0FBQztnQkFDRSxRQUFRLEVBQUU7b0JBQ1IsSUFBSSxFQUFFO3dCQUNKLE9BQU8sRUFBRSxJQUFJO3dCQUNiLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLE9BQU87cUJBQ2pDO29CQUNELElBQUksRUFBRTt3QkFDSixPQUFPLEVBQUUsSUFBSTt3QkFDYixPQUFPLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxPQUFPO3FCQUNqQztpQkFDRjtnQkFDRCxTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVMsQ0FBQyxrQkFBa0I7Z0JBQy9DLGtCQUFrQixFQUFFLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQzlDLE9BQU8sRUFBRSxDQUFFLENBQUMsSUFBSTtvQkFDaEIsV0FBVyxFQUFFLENBQUUsQ0FBQyxVQUFVLENBQUMsUUFBUTtpQkFDcEMsQ0FBQyxDQUFDO2FBQ0o7WUFDSCxDQUFDLENBQUMsU0FBUztRQUViLFNBQVMsRUFBRTtZQUNULGdCQUFnQixFQUFFLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHO1lBQzlDLG1CQUFtQixFQUFFLGFBQWE7U0FDbkM7UUFFRCxZQUFZLEVBQ1YsWUFBWSxJQUFJLENBQUMsWUFBWSxDQUFDLG1CQUFtQjtZQUMvQyxDQUFDLENBQUMsRUFBRSxJQUFJLEVBQUUsWUFBWSxFQUFFLGdCQUFnQixFQUFFLElBQUksRUFBRTtZQUNoRCxDQUFDLENBQUMsU0FBUztRQUVmLHVCQUF1QjtRQUN2Qix1Q0FBdUM7UUFDdkMscURBQXFEO1FBQ3JELHVEQUF1RDtRQUN2RCxxQ0FBcUM7UUFDckMsc0NBQXNDO1FBQ3RDLEtBQUs7UUFFTCxjQUFjLEVBQUUsT0FBTztZQUNyQixDQUFDLENBQUM7Z0JBQ0UsTUFBTSxFQUFFLGtCQUFrQjtnQkFDMUIsYUFBYSxFQUFFLE9BQU87Z0JBRXRCLG1CQUFtQixFQUFFLE9BQU8sQ0FBQyxRQUFRO29CQUNuQyxDQUFDLENBQUMsQ0FBQyxFQUFFLHdCQUF3QixFQUFFLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDbEQsQ0FBQyxDQUFDLFNBQVM7Z0JBRWIsT0FBTyxFQUFFLE9BQU8sQ0FBQyxXQUFXO29CQUMxQixDQUFDLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7d0JBQzlCLGdCQUFnQixFQUFFLENBQUM7d0JBQ25CLE1BQU0sRUFBRSxPQUFPO3FCQUNoQixDQUFDLENBQUM7b0JBQ0wsQ0FBQyxDQUFDLFNBQVM7YUFDZDtZQUNILENBQUMsQ0FBQyxFQUFFLGFBQWEsRUFBRSxPQUFPLEVBQUU7S0FDL0IsQ0FBQyxDQUFDO0lBRUgsYUFBYTtJQUNiLElBQUksUUFBUSxFQUFFLENBQUM7UUFDYixxQ0FBcUM7UUFDckMsMEJBQTBCO1FBQzFCLE1BQU07UUFDTiw2QkFBNkI7UUFDN0IsZ0JBQWdCO1FBQ2hCLEVBQUU7UUFDRix5REFBeUQ7UUFDekQsWUFBWTtRQUNaLHNEQUFzRDtRQUN0RCwrQ0FBK0M7UUFDL0MsWUFBWTtRQUNaLHFCQUFxQjtRQUNyQiw2REFBNkQ7UUFDN0QsT0FBTztRQUNQLHVCQUF1QjtRQUN2QixLQUFLO1FBQ0wsRUFBRTtRQUNGLHFDQUFxQztRQUNyQywwQkFBMEI7UUFDMUIsTUFBTTtRQUNOLDZCQUE2QjtRQUM3QixnQkFBZ0I7UUFDaEIsRUFBRTtRQUNGLG1FQUFtRTtRQUNuRSxZQUFZO1FBQ1osMkRBQTJEO1FBQzNELG9EQUFvRDtRQUNwRCxZQUFZO1FBQ1oscUJBQXFCO1FBQ3JCLE9BQU87UUFDUCx1QkFBdUI7UUFDdkIsS0FBSztJQUNQLENBQUM7SUFFRCx1QkFBdUI7SUFDdkIsSUFBSSxzQkFBc0IsRUFBRSxDQUFDO1FBQzNCLElBQUEsdUNBQXFCLEVBQUM7WUFDcEIsSUFBSTtZQUNKLGNBQWMsRUFBRSxHQUFHO1lBQ25CLEtBQUs7WUFDTCxLQUFLLEVBQUUsc0JBQXNCO1NBQzlCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxJQUFJLElBQUksRUFBRSxDQUFDO1FBQ1QsSUFBQSxnQkFBTSxFQUFDLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxHQUFHLENBQUMsRUFBRSxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRCwrQkFBK0I7SUFDL0IsSUFBSSxZQUFZLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztRQUNyQyxJQUFJLE9BQU8sQ0FBQywyQkFBMkIsQ0FDckMsSUFBSSxFQUNKO1lBQ0UsV0FBVyxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ3JCLEdBQUcsS0FBSztZQUNSLGFBQWEsRUFBRSxZQUFZO1lBQzNCLGdCQUFnQixFQUFFLFlBQVk7U0FDL0IsRUFDRCxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FDbkIsQ0FBQztRQUVGLG9DQUFvQztRQUNwQyxnRUFBZ0U7UUFDaEUsSUFBSTtJQUNOLENBQUM7U0FBTSxJQUFJLGdCQUFLO1FBQUUsSUFBQSxnQ0FBc0IsRUFBQyxFQUFFLElBQUksRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUU3RSwyQ0FBMkM7SUFDM0MsSUFDRSxDQUFDLFlBQVksQ0FBQyxtQkFBbUIsSUFBSSxZQUFZLENBQUM7UUFDbEQsWUFBWSxDQUFDLFdBQVcsRUFDeEIsQ0FBQztRQUNELE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsMkJBQTJCLENBQUMsQ0FBQztRQUN0RSxJQUFBLHFCQUFVLEVBQUM7WUFDVCxJQUFJO1lBQ0osVUFBVSxFQUFFLFlBQWE7WUFDekIsTUFBTTtZQUNOLElBQUksRUFBRSxVQUFVO1lBQ2hCLFlBQVksRUFBRSxJQUFJO1lBQ2xCLDhCQUE4QixFQUM1QixZQUFZLENBQUMsOEJBQThCO1NBQzlDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxtQkFBbUI7SUFDbkIsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFO1FBQ25CLE1BQU0sU0FBUyxHQUFHLElBQUksT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFO1lBQ2xELGFBQWEsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRTtZQUNuQyxHQUFHLEtBQUs7WUFDUixXQUFXLEVBQUUsR0FBRyxDQUFDLElBQUk7WUFDckIsb0NBQW9DO1lBQ3BDLFlBQVksRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLE1BQU07U0FDekMsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDdEIsSUFBQSx1Q0FBcUIsRUFBQztnQkFDcEIsSUFBSTtnQkFDSixjQUFjLEVBQUUsR0FBRztnQkFDbkIsS0FBSztnQkFDTCxjQUFjLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDO2dCQUNoQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLGVBQWU7YUFDekIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUNELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUMsQ0FBQyxDQUFDO0lBRUgsZUFBZTtJQUNmLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtRQUNmLElBQUksT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUU7WUFDbkIsU0FBUyxFQUFFLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDMUIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ3JCLEdBQUcsS0FBSztTQUNULENBQUMsQ0FBQztJQUNMLENBQUMsQ0FBQyxDQUFDO0lBRUgsWUFBWTtJQUNaLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtRQUNuQixJQUFJLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFO1lBQ3ZCLFNBQVMsRUFBRSxDQUFDLENBQUMsV0FBVyxFQUFFO1lBQzFCLFdBQVcsRUFBRSxHQUFHLENBQUMsSUFBSTtZQUNyQixHQUFHLEtBQUs7U0FDVCxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztJQUVILFlBQVk7SUFDWixHQUFHLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEVBQUU7UUFDeEIsSUFBSSxDQUFDLEVBQUU7WUFBRSxPQUFPO1FBRWhCLEdBQUcsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FDdkIsT0FBTyxDQUFDLEdBQUcsQ0FDVCw0RUFBNEUsRUFDNUUsQ0FBRSxDQUFDLFdBQVcsQ0FDZixDQUNGLENBQUM7UUFFRixNQUFNLElBQUksR0FBRyxDQUNYLE1BQU0sT0FBTyxDQUFDLHNCQUFzQixDQUFDO1lBQ25DLFdBQVcsRUFBRSxJQUFJO1lBQ2pCLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7U0FDM0MsQ0FBQyxDQUNILENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUNqQixJQUFJLEVBQUUsQ0FBQyxDQUFDLE9BQU87WUFDZixHQUFHLEVBQUUsQ0FBQyxDQUFDLEtBQUs7WUFDWixnQkFBZ0IsRUFBRSw4Q0FBOEMsSUFBSSxlQUFlLENBQUMsQ0FBQyxLQUFLLGtDQUFrQztTQUM3SCxDQUFDLENBQUMsQ0FBQztRQUVKLElBQUksU0FBUyxFQUFFLENBQUM7WUFDZCxNQUFNO1lBQ04sSUFBQSwrQkFBZ0IsRUFBQztnQkFDZixTQUFTO2dCQUNULFdBQVcsRUFBRSxTQUFTO2dCQUN0QixhQUFhLEVBQUUsSUFBSTtnQkFDbkIsS0FBSyxFQUFFO29CQUNMO3dCQUNFLElBQUksRUFBRSxjQUFjO3dCQUNwQixLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUc7cUJBQ25CO29CQUNEO3dCQUNFLElBQUksRUFBRSxnQkFBZ0I7d0JBQ3RCLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRztxQkFDbkI7b0JBQ0Q7d0JBQ0UsSUFBSSxFQUFFLHdCQUF3Qjt3QkFDOUIsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxnQkFBZ0I7cUJBQ2hDO29CQUNEO3dCQUNFLElBQUksRUFBRSx1QkFBdUI7d0JBQzdCLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsZ0JBQWdCO3FCQUNoQztpQkFDRjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDLENBQUMsQ0FBQztJQUVILE9BQU87UUFDTCxPQUFPLEVBQUUsR0FBRztRQUNaLFVBQVUsRUFBRTtZQUNWLGNBQWM7WUFDZCxnQkFBZ0I7WUFDaEIsd0JBQXdCO1lBQ3hCLHVCQUF1QjtTQUN4QjtRQUNELG1CQUFtQixFQUFFLENBQUMsT0FBZSx3QkFBd0IsRUFBRSxFQUFFLENBQy9ELFNBQVM7WUFDUCxDQUFDLENBQUMsSUFBQSxrQkFBUyxFQUFDLEVBQUUsSUFBSSxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLENBQUM7WUFDckQsQ0FBQyxDQUFDLFNBQVM7S0FDaEIsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
|