@drunk-pulumi/azure 0.0.24 → 0.0.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AzAd/EnvRoles.d.ts +8 -4
- package/AzAd/EnvRoles.js +28 -29
- package/AzAd/Group.d.ts +3 -3
- package/AzAd/Group.js +9 -9
- package/AzAd/Identity.js +2 -2
- package/AzAd/KeyVaultRoles.d.ts +8 -0
- package/AzAd/KeyVaultRoles.js +53 -0
- package/AzAd/Role.d.ts +5 -6
- package/AzAd/Role.js +11 -8
- package/AzAd/UserIdentity.d.ts +5 -0
- package/AzAd/UserIdentity.js +12 -0
- package/Cdn/index.d.ts +2 -2
- package/Cdn/index.js +14 -14
- package/Common/AutoTags.js +8 -7
- package/Common/AzureEnv.d.ts +1 -0
- package/Common/AzureEnv.js +5 -2
- package/Common/Naming/AzureRegions.d.ts +4 -0
- package/Common/Naming/AzureRegions.js +49 -0
- package/Common/ResourceEnv.d.ts +1 -4
- package/Common/ResourceEnv.js +9 -4
- package/KeyVault/Helper.d.ts +8 -3
- package/KeyVault/Helper.js +32 -12
- package/KeyVault/VaultPermissions.d.ts +18 -17
- package/KeyVault/VaultPermissions.js +146 -89
- package/KeyVault/index.d.ts +1 -6
- package/KeyVault/index.js +29 -66
- package/MySql/index.d.ts +18 -7
- package/MySql/index.js +94 -32
- package/Postgresql/index.d.ts +7 -4
- package/Postgresql/index.js +29 -12
- package/Sql/SqlDb.d.ts +4 -4
- package/Sql/SqlDb.js +13 -13
- package/Sql/index.d.ts +11 -10
- package/Sql/index.js +88 -56
- package/Storage/index.d.ts +3 -3
- package/Storage/index.js +21 -25
- package/VNet/PrivateEndpoint.js +3 -1
- package/package.json +3 -3
- package/types.d.ts +2 -0
- package/KeyVault/VaultAccess.d.ts +0 -15
- package/KeyVault/VaultAccess.js +0 -47
package/Common/ResourceEnv.d.ts
CHANGED
|
@@ -1,9 +1,6 @@
|
|
|
1
1
|
import { ConventionProps, ResourceGroupInfo } from '../types';
|
|
2
2
|
import { Input } from '@pulumi/pulumi';
|
|
3
|
-
export declare const resourceConvention:
|
|
4
|
-
prefix: string;
|
|
5
|
-
suffix: undefined;
|
|
6
|
-
};
|
|
3
|
+
export declare const resourceConvention: ConventionProps;
|
|
7
4
|
/** The method to get Resource Name. This is not applicable for Azure Storage Account and CosmosDb*/
|
|
8
5
|
export declare const getResourceName: (name: string, convention?: ConventionProps) => string;
|
|
9
6
|
export interface ResourceInfoArg {
|
package/Common/ResourceEnv.js
CHANGED
|
@@ -3,8 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.getResourceName = exports.resourceConvention = void 0;
|
|
4
4
|
const Helpers_1 = require("./Helpers");
|
|
5
5
|
const StackEnv_1 = require("./StackEnv");
|
|
6
|
+
const AzureEnv_1 = require("./AzureEnv");
|
|
6
7
|
exports.resourceConvention = {
|
|
7
8
|
prefix: StackEnv_1.stack,
|
|
9
|
+
includeRegion: true,
|
|
8
10
|
suffix: undefined, //This may be specified by each resource name
|
|
9
11
|
};
|
|
10
12
|
/** ==================== Resources Variables ========================= */
|
|
@@ -12,12 +14,15 @@ const getName = (name, convention) => {
|
|
|
12
14
|
if (!name)
|
|
13
15
|
return name;
|
|
14
16
|
name = (0, Helpers_1.replaceAll)(name, ' ', '-');
|
|
15
|
-
//Add prefix
|
|
16
|
-
if (convention.prefix && !name.startsWith(convention.prefix))
|
|
17
|
-
name = convention.prefix + '-' + name;
|
|
18
17
|
//Organization
|
|
19
18
|
if (convention.includeOrgName && !name.includes(StackEnv_1.organization))
|
|
20
19
|
name = name + '-' + StackEnv_1.organization;
|
|
20
|
+
//Region
|
|
21
|
+
if (convention.includeRegion && AzureEnv_1.currentLocationCode && !name.includes(AzureEnv_1.currentLocationCode))
|
|
22
|
+
name = name + '-' + AzureEnv_1.currentLocationCode;
|
|
23
|
+
//Add prefix
|
|
24
|
+
if (convention.prefix && !name.startsWith(convention.prefix))
|
|
25
|
+
name = convention.prefix + '-' + name;
|
|
21
26
|
//Add the suffix
|
|
22
27
|
if (convention.suffix && !name.endsWith(convention.suffix))
|
|
23
28
|
name = name + '-' + convention.suffix;
|
|
@@ -26,4 +31,4 @@ const getName = (name, convention) => {
|
|
|
26
31
|
/** The method to get Resource Name. This is not applicable for Azure Storage Account and CosmosDb*/
|
|
27
32
|
const getResourceName = (name, convention) => getName(name, { ...exports.resourceConvention, ...convention });
|
|
28
33
|
exports.getResourceName = getResourceName;
|
|
29
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
34
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VFbnYuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvQ29tbW9uL1Jlc291cmNlRW52LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHVDQUF1QztBQUd2Qyx5Q0FBaUQ7QUFDakQseUNBQStDO0FBRWxDLFFBQUEsa0JBQWtCLEdBQW1CO0lBQ2hELE1BQU0sRUFBRSxnQkFBSztJQUNiLGFBQWEsRUFBRSxJQUFJO0lBQ25CLE1BQU0sRUFBRSxTQUFTLEVBQUUsNkNBQTZDO0NBQ2pFLENBQUM7QUFFRix5RUFBeUU7QUFFekUsTUFBTSxPQUFPLEdBQUcsQ0FBQyxJQUFZLEVBQUUsVUFBMkIsRUFBVSxFQUFFO0lBQ3BFLElBQUksQ0FBQyxJQUFJO1FBQUUsT0FBTyxJQUFJLENBQUM7SUFDdkIsSUFBSSxHQUFHLElBQUEsb0JBQVUsRUFBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0lBRWxDLGNBQWM7SUFDZCxJQUFJLFVBQVUsQ0FBQyxjQUFjLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLHVCQUFZLENBQUM7UUFDM0QsSUFBSSxHQUFHLElBQUksR0FBRyxHQUFHLEdBQUcsdUJBQVksQ0FBQztJQUVuQyxRQUFRO0lBQ1IsSUFBSSxVQUFVLENBQUMsYUFBYSxJQUFJLDhCQUFtQixJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyw4QkFBbUIsQ0FBQztRQUN4RixJQUFJLEdBQUcsSUFBSSxHQUFHLEdBQUcsR0FBRyw4QkFBbUIsQ0FBQztJQUUxQyxZQUFZO0lBQ1osSUFBSSxVQUFVLENBQUMsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDO1FBQzFELElBQUksR0FBRyxVQUFVLENBQUMsTUFBTSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUM7SUFFeEMsZ0JBQWdCO0lBQ2hCLElBQUksVUFBVSxDQUFDLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQztRQUN4RCxJQUFJLEdBQUcsSUFBSSxHQUFHLEdBQUcsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDO0lBRXhDLE9BQU8sSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0FBQzVCLENBQUMsQ0FBQztBQUVGLG9HQUFvRztBQUM3RixNQUFNLGVBQWUsR0FBRyxDQUM3QixJQUFZLEVBQ1osVUFBNEIsRUFDcEIsRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxHQUFHLDBCQUFrQixFQUFFLEdBQUcsVUFBVSxFQUFFLENBQUMsQ0FBQztBQUh4RCxRQUFBLGVBQWUsbUJBR3lDIn0=
|
package/KeyVault/Helper.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { Input, Resource } from
|
|
2
|
-
import { KeyVaultInfo } from
|
|
1
|
+
import { Input, Resource } from "@pulumi/pulumi";
|
|
2
|
+
import { KeyVaultInfo } from "../types";
|
|
3
3
|
type SecretProps = {
|
|
4
4
|
name: string;
|
|
5
5
|
value: Input<string>;
|
|
@@ -16,9 +16,10 @@ type GetVaultItemProps = {
|
|
|
16
16
|
vaultInfo: KeyVaultInfo;
|
|
17
17
|
nameFormatted?: boolean;
|
|
18
18
|
};
|
|
19
|
-
export declare const addKey: ({ name, vaultInfo, tags, dependsOn, }: Omit<SecretProps,
|
|
19
|
+
export declare const addKey: ({ name, vaultInfo, tags, dependsOn, }: Omit<SecretProps, "value" | "contentType">) => import("@pulumi/azure-native/keyvault/key").Key;
|
|
20
20
|
/** Get Key */
|
|
21
21
|
export declare const getKey: ({ name, version, vaultInfo, nameFormatted, }: GetVaultItemProps) => Promise<import("@azure/keyvault-keys").KeyVaultKey | undefined>;
|
|
22
|
+
export declare const getEncryptionKey: (name: string, vaultInfo: KeyVaultInfo) => import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<import("@azure/keyvault-keys").KeyVaultKey> | undefined>;
|
|
22
23
|
/** Get Secret */
|
|
23
24
|
export declare const getSecret: ({ name, version, vaultInfo, nameFormatted, }: GetVaultItemProps) => Promise<import("@azure/keyvault-secrets").KeyVaultSecret | undefined>;
|
|
24
25
|
interface KeyResult {
|
|
@@ -30,4 +31,8 @@ interface KeyResult {
|
|
|
30
31
|
}
|
|
31
32
|
/** Convert VaultId to VaultInfo */
|
|
32
33
|
export declare const parseKeyUrl: (keyUrl: string) => KeyResult;
|
|
34
|
+
export declare const getVaultRoleNames: (nameOrInfo: string | KeyVaultInfo) => Promise<{
|
|
35
|
+
readOnly: string;
|
|
36
|
+
admin: string;
|
|
37
|
+
} | undefined>;
|
|
33
38
|
export {};
|
package/KeyVault/Helper.js
CHANGED
|
@@ -1,27 +1,29 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.parseKeyUrl = exports.getSecret = exports.getKey = exports.addKey = void 0;
|
|
3
|
+
exports.getVaultRoleNames = exports.parseKeyUrl = exports.getSecret = exports.getEncryptionKey = exports.getKey = exports.addKey = void 0;
|
|
4
4
|
const keyvault = require("@pulumi/azure-native/keyvault");
|
|
5
|
+
const pulumi_1 = require("@pulumi/pulumi");
|
|
5
6
|
const Naming_1 = require("../Common/Naming");
|
|
6
7
|
const Helpers_1 = require("../Common/Helpers");
|
|
7
8
|
const KeyVaultBase_1 = require("@drunk-pulumi/azure-providers/AzBase/KeyVaultBase");
|
|
9
|
+
const VaultRole = require("../AzAd/KeyVaultRoles");
|
|
8
10
|
const addKey = ({ name, vaultInfo, tags, dependsOn, }) => {
|
|
9
11
|
const n = (0, Naming_1.getSecretName)(name);
|
|
10
|
-
return new keyvault.Key((0, Helpers_1.replaceAll)(name,
|
|
12
|
+
return new keyvault.Key((0, Helpers_1.replaceAll)(name, ".", "-"), {
|
|
11
13
|
keyName: n,
|
|
12
14
|
vaultName: vaultInfo.name,
|
|
13
15
|
...vaultInfo.group,
|
|
14
16
|
//https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault.webkey?view=azure-dotnet-legacy
|
|
15
17
|
properties: {
|
|
16
18
|
keySize: 2048,
|
|
17
|
-
kty:
|
|
19
|
+
kty: "RSA",
|
|
18
20
|
keyOps: [
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
21
|
+
"decrypt",
|
|
22
|
+
"encrypt",
|
|
23
|
+
"sign",
|
|
24
|
+
"verify",
|
|
25
|
+
"wrapKey",
|
|
26
|
+
"unwrapKey",
|
|
25
27
|
],
|
|
26
28
|
//curveName: 'P512',
|
|
27
29
|
attributes: { enabled: true },
|
|
@@ -37,6 +39,11 @@ const getKey = async ({ name, version, vaultInfo, nameFormatted, }) => {
|
|
|
37
39
|
return client.getKey(n, version);
|
|
38
40
|
};
|
|
39
41
|
exports.getKey = getKey;
|
|
42
|
+
const getEncryptionKey = (name, vaultInfo) => {
|
|
43
|
+
const n = `${name}-encrypt-key`;
|
|
44
|
+
return (0, pulumi_1.output)((0, KeyVaultBase_1.getKeyVaultBase)(vaultInfo.name).getOrCreateKey(n));
|
|
45
|
+
};
|
|
46
|
+
exports.getEncryptionKey = getEncryptionKey;
|
|
40
47
|
/** Get Secret */
|
|
41
48
|
const getSecret = async ({ name, version, vaultInfo, nameFormatted, }) => {
|
|
42
49
|
const n = nameFormatted ? name : (0, Naming_1.getSecretName)(name);
|
|
@@ -46,13 +53,26 @@ const getSecret = async ({ name, version, vaultInfo, nameFormatted, }) => {
|
|
|
46
53
|
exports.getSecret = getSecret;
|
|
47
54
|
/** Convert VaultId to VaultInfo */
|
|
48
55
|
const parseKeyUrl = (keyUrl) => {
|
|
49
|
-
const splits = keyUrl.split(
|
|
56
|
+
const splits = keyUrl.split("/");
|
|
50
57
|
return {
|
|
51
58
|
keyIdentityUrl: keyUrl,
|
|
52
59
|
name: splits[4],
|
|
53
|
-
version: splits.length > 4 ? splits[5] :
|
|
60
|
+
version: splits.length > 4 ? splits[5] : "",
|
|
54
61
|
vaultUrl: `https://${splits[2]}`,
|
|
55
62
|
};
|
|
56
63
|
};
|
|
57
64
|
exports.parseKeyUrl = parseKeyUrl;
|
|
58
|
-
|
|
65
|
+
const getVaultRoleNames = async (nameOrInfo) => {
|
|
66
|
+
if (typeof nameOrInfo === "string") {
|
|
67
|
+
return VaultRole.getVaultRoleNames(nameOrInfo);
|
|
68
|
+
}
|
|
69
|
+
const value = await (0, exports.getSecret)({
|
|
70
|
+
name: "VaultRoleNames",
|
|
71
|
+
vaultInfo: nameOrInfo,
|
|
72
|
+
});
|
|
73
|
+
return value
|
|
74
|
+
? JSON.parse(value.value)
|
|
75
|
+
: undefined;
|
|
76
|
+
};
|
|
77
|
+
exports.getVaultRoleNames = getVaultRoleNames;
|
|
78
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL0tleVZhdWx0L0hlbHBlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwwREFBMEQ7QUFDMUQsMkNBQXlEO0FBRXpELDZDQUFpRDtBQUNqRCwrQ0FBK0M7QUFDL0Msb0ZBQW9GO0FBQ3BGLG1EQUFtRDtBQXdCNUMsTUFBTSxNQUFNLEdBQUcsQ0FBQyxFQUNyQixJQUFJLEVBQ0osU0FBUyxFQUNULElBQUksRUFDSixTQUFTLEdBQ2tDLEVBQUUsRUFBRTtJQUMvQyxNQUFNLENBQUMsR0FBRyxJQUFBLHNCQUFhLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFOUIsT0FBTyxJQUFJLFFBQVEsQ0FBQyxHQUFHLENBQ3JCLElBQUEsb0JBQVUsRUFBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxFQUMxQjtRQUNFLE9BQU8sRUFBRSxDQUFDO1FBQ1YsU0FBUyxFQUFFLFNBQVMsQ0FBQyxJQUFJO1FBQ3pCLEdBQUcsU0FBUyxDQUFDLEtBQUs7UUFDbEIsc0dBQXNHO1FBQ3RHLFVBQVUsRUFBRTtZQUNWLE9BQU8sRUFBRSxJQUFJO1lBQ2IsR0FBRyxFQUFFLEtBQUs7WUFDVixNQUFNLEVBQUU7Z0JBQ04sU0FBUztnQkFDVCxTQUFTO2dCQUNULE1BQU07Z0JBQ04sUUFBUTtnQkFDUixTQUFTO2dCQUNULFdBQVc7YUFDWjtZQUNELG9CQUFvQjtZQUNwQixVQUFVLEVBQUUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFO1NBQzlCO1FBQ0QsSUFBSTtLQUNMLEVBQ0QsRUFBRSxTQUFTLEVBQUUsQ0FDZCxDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBakNXLFFBQUEsTUFBTSxVQWlDakI7QUFFRixjQUFjO0FBQ1AsTUFBTSxNQUFNLEdBQUcsS0FBSyxFQUFFLEVBQzNCLElBQUksRUFDSixPQUFPLEVBQ1AsU0FBUyxFQUNULGFBQWEsR0FDSyxFQUFFLEVBQUU7SUFDdEIsTUFBTSxDQUFDLEdBQUcsYUFBYSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLElBQUEsc0JBQWEsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUNyRCxNQUFNLE1BQU0sR0FBRyxJQUFBLDhCQUFlLEVBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQy9DLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsT0FBTyxDQUFDLENBQUM7QUFDbkMsQ0FBQyxDQUFDO0FBVFcsUUFBQSxNQUFNLFVBU2pCO0FBRUssTUFBTSxnQkFBZ0IsR0FBRyxDQUFDLElBQVksRUFBRSxTQUF1QixFQUFFLEVBQUU7SUFDeEUsTUFBTSxDQUFDLEdBQUcsR0FBRyxJQUFJLGNBQWMsQ0FBQztJQUNoQyxPQUFPLElBQUEsZUFBTSxFQUFDLElBQUEsOEJBQWUsRUFBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDbkUsQ0FBQyxDQUFDO0FBSFcsUUFBQSxnQkFBZ0Isb0JBRzNCO0FBRUYsaUJBQWlCO0FBQ1YsTUFBTSxTQUFTLEdBQUcsS0FBSyxFQUFFLEVBQzlCLElBQUksRUFDSixPQUFPLEVBQ1AsU0FBUyxFQUNULGFBQWEsR0FDSyxFQUFFLEVBQUU7SUFDdEIsTUFBTSxDQUFDLEdBQUcsYUFBYSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLElBQUEsc0JBQWEsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUNyRCxNQUFNLE1BQU0sR0FBRyxJQUFBLDhCQUFlLEVBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQy9DLE9BQU8sTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsT0FBTyxDQUFDLENBQUM7QUFDdEMsQ0FBQyxDQUFDO0FBVFcsUUFBQSxTQUFTLGFBU3BCO0FBVUYsbUNBQW1DO0FBQzVCLE1BQU0sV0FBVyxHQUFHLENBQUMsTUFBYyxFQUFhLEVBQUU7SUFDdkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNqQyxPQUFPO1FBQ0wsY0FBYyxFQUFFLE1BQU07UUFDdEIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDZixPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRTtRQUMzQyxRQUFRLEVBQUUsV0FBVyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUU7S0FDakMsQ0FBQztBQUNKLENBQUMsQ0FBQztBQVJXLFFBQUEsV0FBVyxlQVF0QjtBQUVLLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxFQUFFLFVBQWlDLEVBQUUsRUFBRTtJQUMzRSxJQUFJLE9BQU8sVUFBVSxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ25DLE9BQU8sU0FBUyxDQUFDLGlCQUFpQixDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ2pELENBQUM7SUFDRCxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUEsaUJBQVMsRUFBQztRQUM1QixJQUFJLEVBQUUsZ0JBQWdCO1FBQ3RCLFNBQVMsRUFBRSxVQUFVO0tBQ3RCLENBQUMsQ0FBQztJQUNILE9BQU8sS0FBSztRQUNWLENBQUMsQ0FBRSxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFNLENBQXlDO1FBQ25FLENBQUMsQ0FBQyxTQUFTLENBQUM7QUFDaEIsQ0FBQyxDQUFDO0FBWFcsUUFBQSxpQkFBaUIscUJBVzVCIn0=
|
|
@@ -1,26 +1,27 @@
|
|
|
1
|
-
import * as pulumi from
|
|
2
|
-
import * as native from
|
|
1
|
+
import * as pulumi from "@pulumi/pulumi";
|
|
2
|
+
import * as native from "@pulumi/azure-native";
|
|
3
|
+
import * as azuread from "@pulumi/azuread";
|
|
4
|
+
import { KeyVaultInfo } from "../types";
|
|
3
5
|
export interface PermissionProps {
|
|
4
6
|
/** The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. */
|
|
5
7
|
objectId: pulumi.Input<string>;
|
|
6
8
|
/** Application ID of the client making request on behalf of a principal */
|
|
7
9
|
applicationId?: pulumi.Input<string>;
|
|
8
|
-
permission:
|
|
10
|
+
permission: "ReadOnly" | "ReadWrite";
|
|
9
11
|
principalType?: native.authorization.PrincipalType;
|
|
10
12
|
}
|
|
11
|
-
export declare const
|
|
13
|
+
export declare const grantVaultAccessToIdentity: ({ name, identity, vaultInfo, }: {
|
|
12
14
|
name: string;
|
|
13
|
-
|
|
15
|
+
identity: pulumi.Output<{
|
|
16
|
+
principalId: string;
|
|
17
|
+
} | undefined>;
|
|
18
|
+
vaultInfo: KeyVaultInfo;
|
|
19
|
+
}) => pulumi.OutputInstance<void>;
|
|
20
|
+
export declare const grantVaultPermissionToRole: ({ name, vaultInfo, roles, }: {
|
|
21
|
+
name: string;
|
|
22
|
+
vaultInfo: KeyVaultInfo;
|
|
23
|
+
roles: {
|
|
24
|
+
adminGroup: pulumi.Output<azuread.Group>;
|
|
25
|
+
readOnlyGroup: pulumi.Output<azuread.Group>;
|
|
26
|
+
};
|
|
14
27
|
}) => void;
|
|
15
|
-
export declare const KeyVaultAdminPolicy: {
|
|
16
|
-
certificates: string[];
|
|
17
|
-
keys: string[];
|
|
18
|
-
secrets: string[];
|
|
19
|
-
storage: string[];
|
|
20
|
-
};
|
|
21
|
-
export declare const KeyVaultReadOnlyPolicy: {
|
|
22
|
-
certificates: string[];
|
|
23
|
-
keys: string[];
|
|
24
|
-
secrets: string[];
|
|
25
|
-
storage: string[];
|
|
26
|
-
};
|
|
@@ -1,31 +1,36 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.grantVaultPermissionToRole = exports.grantVaultAccessToIdentity = void 0;
|
|
4
|
+
const pulumi = require("@pulumi/pulumi");
|
|
4
5
|
const RoleAssignment_1 = require("../AzAd/RoleAssignment");
|
|
5
|
-
const
|
|
6
|
+
const CustomHelper_1 = require("./CustomHelper");
|
|
7
|
+
const AzDevOps_1 = require("../AzAd/Identities/AzDevOps");
|
|
8
|
+
const Helper_1 = require("./Helper");
|
|
9
|
+
const Group_1 = require("../AzAd/Group");
|
|
10
|
+
const grantVaultRbacPermission = ({ name, objectId, permission, scope, principalType = "User", }) => {
|
|
6
11
|
const vn = `${name}-${permission}`.toLowerCase();
|
|
7
12
|
const defaultProps = {
|
|
8
13
|
principalId: objectId,
|
|
9
14
|
scope,
|
|
10
15
|
};
|
|
11
16
|
//ReadOnly
|
|
12
|
-
if (permission ===
|
|
17
|
+
if (permission === "ReadOnly") {
|
|
13
18
|
(0, RoleAssignment_1.roleAssignment)({
|
|
14
19
|
...defaultProps,
|
|
15
20
|
name: `${vn}-encrypt`,
|
|
16
|
-
roleName:
|
|
21
|
+
roleName: "Key Vault Crypto Service Encryption User",
|
|
17
22
|
principalType,
|
|
18
23
|
});
|
|
19
24
|
(0, RoleAssignment_1.roleAssignment)({
|
|
20
25
|
...defaultProps,
|
|
21
26
|
name: `${vn}-crypto`,
|
|
22
|
-
roleName:
|
|
27
|
+
roleName: "Key Vault Crypto User",
|
|
23
28
|
principalType,
|
|
24
29
|
});
|
|
25
30
|
(0, RoleAssignment_1.roleAssignment)({
|
|
26
31
|
...defaultProps,
|
|
27
32
|
name: `${vn}-secret`,
|
|
28
|
-
roleName:
|
|
33
|
+
roleName: "Key Vault Secrets User",
|
|
29
34
|
principalType,
|
|
30
35
|
});
|
|
31
36
|
//Read and Write
|
|
@@ -34,108 +39,160 @@ const grantVaultRbacPermission = ({ name, objectId, permission, scope, principal
|
|
|
34
39
|
(0, RoleAssignment_1.roleAssignment)({
|
|
35
40
|
...defaultProps,
|
|
36
41
|
name: `${vn}-contributor`,
|
|
37
|
-
roleName:
|
|
42
|
+
roleName: "Key Vault Administrator",
|
|
38
43
|
principalType,
|
|
39
44
|
});
|
|
40
45
|
(0, RoleAssignment_1.roleAssignment)({
|
|
41
46
|
...defaultProps,
|
|
42
47
|
name: `${vn}-cert`,
|
|
43
|
-
roleName:
|
|
48
|
+
roleName: "Key Vault Certificates Officer",
|
|
44
49
|
principalType,
|
|
45
50
|
});
|
|
46
51
|
(0, RoleAssignment_1.roleAssignment)({
|
|
47
52
|
...defaultProps,
|
|
48
53
|
name: `${vn}-crypto`,
|
|
49
|
-
roleName:
|
|
54
|
+
roleName: "Key Vault Crypto Officer",
|
|
50
55
|
principalType,
|
|
51
56
|
});
|
|
52
57
|
(0, RoleAssignment_1.roleAssignment)({
|
|
53
58
|
...defaultProps,
|
|
54
59
|
name: `${vn}-secret`,
|
|
55
|
-
roleName:
|
|
60
|
+
roleName: "Key Vault Secrets Officer",
|
|
56
61
|
principalType,
|
|
57
62
|
});
|
|
58
63
|
}
|
|
59
64
|
};
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
'DeleteSAS',
|
|
111
|
-
'Get',
|
|
112
|
-
'GetSAS',
|
|
113
|
-
'List',
|
|
114
|
-
'ListSAS',
|
|
115
|
-
'Purge',
|
|
116
|
-
'Recover',
|
|
117
|
-
'RegenerateKey',
|
|
118
|
-
'Restore',
|
|
119
|
-
'Set',
|
|
120
|
-
'SetSAS',
|
|
121
|
-
'Update',
|
|
122
|
-
],
|
|
123
|
-
};
|
|
124
|
-
exports.KeyVaultReadOnlyPolicy = {
|
|
125
|
-
certificates: ['Get', 'List'],
|
|
126
|
-
keys: [
|
|
127
|
-
'Get',
|
|
128
|
-
'List',
|
|
129
|
-
'Decrypt',
|
|
130
|
-
'Encrypt',
|
|
131
|
-
'Sign',
|
|
132
|
-
'UnwrapKey',
|
|
133
|
-
'Verify',
|
|
134
|
-
'WrapKey',
|
|
135
|
-
],
|
|
136
|
-
secrets: ['Get', 'List'],
|
|
137
|
-
storage: ['Get', 'List'],
|
|
65
|
+
const grantVaultAccessToIdentity = ({ name, identity, vaultInfo, }) => identity.apply(async (i) => {
|
|
66
|
+
if (!i)
|
|
67
|
+
return;
|
|
68
|
+
const vaultRole = await (0, Helper_1.getVaultRoleNames)(vaultInfo);
|
|
69
|
+
if (!vaultRole)
|
|
70
|
+
return;
|
|
71
|
+
(0, Group_1.addMemberToGroup)({
|
|
72
|
+
name: `${name}-identity-readAccess-${vaultInfo.name}`,
|
|
73
|
+
objectId: i.principalId,
|
|
74
|
+
groupObjectId: (0, Group_1.getAdGroup)(vaultRole.readOnly).objectId,
|
|
75
|
+
});
|
|
76
|
+
});
|
|
77
|
+
exports.grantVaultAccessToIdentity = grantVaultAccessToIdentity;
|
|
78
|
+
const grantVaultPermissionToRole = ({ name, vaultInfo, roles, }) => {
|
|
79
|
+
//Grant RBAC permission to Group
|
|
80
|
+
grantVaultRbacPermission({
|
|
81
|
+
name: `${name}-ReadOnlyGroup`,
|
|
82
|
+
scope: vaultInfo.id,
|
|
83
|
+
objectId: roles.readOnlyGroup.objectId,
|
|
84
|
+
permission: "ReadOnly",
|
|
85
|
+
principalType: "Group",
|
|
86
|
+
});
|
|
87
|
+
grantVaultRbacPermission({
|
|
88
|
+
name: `${name}-AdminGroup`,
|
|
89
|
+
scope: vaultInfo.id,
|
|
90
|
+
objectId: roles.adminGroup.objectId,
|
|
91
|
+
permission: "ReadWrite",
|
|
92
|
+
principalType: "Group",
|
|
93
|
+
});
|
|
94
|
+
//Grant Admin RBAC permission current ADO Identity as the Group will be take time to be effective
|
|
95
|
+
const ado = (0, AzDevOps_1.getAdoIdentity)();
|
|
96
|
+
grantVaultRbacPermission({
|
|
97
|
+
name: `${name}-Admin-Ado`,
|
|
98
|
+
scope: vaultInfo.id,
|
|
99
|
+
objectId: ado.principal.objectId,
|
|
100
|
+
permission: "ReadWrite",
|
|
101
|
+
principalType: "ServicePrincipal",
|
|
102
|
+
});
|
|
103
|
+
//Add RoleNames to vault
|
|
104
|
+
(0, CustomHelper_1.addCustomSecret)({
|
|
105
|
+
name: "VaultRoleNames",
|
|
106
|
+
value: pulumi
|
|
107
|
+
.output({
|
|
108
|
+
admin: roles.adminGroup.displayName,
|
|
109
|
+
readOnly: roles.readOnlyGroup.displayName,
|
|
110
|
+
})
|
|
111
|
+
.apply((role) => JSON.stringify(role)),
|
|
112
|
+
vaultInfo,
|
|
113
|
+
contentType: "KeyVault Roles Names",
|
|
114
|
+
});
|
|
138
115
|
};
|
|
116
|
+
exports.grantVaultPermissionToRole = grantVaultPermissionToRole;
|
|
117
|
+
// export const KeyVaultAdminPolicy = {
|
|
118
|
+
// certificates: [
|
|
119
|
+
// 'Backup',
|
|
120
|
+
// 'Create',
|
|
121
|
+
// 'Delete',
|
|
122
|
+
// 'DeleteIssuers',
|
|
123
|
+
// 'Get',
|
|
124
|
+
// 'GetIssuers',
|
|
125
|
+
// 'Import',
|
|
126
|
+
// 'List',
|
|
127
|
+
// 'ManageContacts',
|
|
128
|
+
// 'ManageIssuers',
|
|
129
|
+
// 'Purge',
|
|
130
|
+
// 'Recover',
|
|
131
|
+
// 'Restore',
|
|
132
|
+
// 'SetIssuers',
|
|
133
|
+
// 'Update',
|
|
134
|
+
// ],
|
|
135
|
+
// keys: [
|
|
136
|
+
// 'Backup',
|
|
137
|
+
// 'Create',
|
|
138
|
+
// 'Decrypt',
|
|
139
|
+
// 'Delete',
|
|
140
|
+
// 'Encrypt',
|
|
141
|
+
// 'Get',
|
|
142
|
+
// 'Import',
|
|
143
|
+
// 'List',
|
|
144
|
+
// 'Purge',
|
|
145
|
+
// 'Recover',
|
|
146
|
+
// 'Restore',
|
|
147
|
+
// 'Sign',
|
|
148
|
+
// 'UnwrapKey',
|
|
149
|
+
// 'Update',
|
|
150
|
+
// 'Verify',
|
|
151
|
+
// 'WrapKey',
|
|
152
|
+
// ],
|
|
153
|
+
// secrets: [
|
|
154
|
+
// 'Backup',
|
|
155
|
+
// 'Delete',
|
|
156
|
+
// 'Get',
|
|
157
|
+
// 'List',
|
|
158
|
+
// 'Purge',
|
|
159
|
+
// 'Recover',
|
|
160
|
+
// 'Restore',
|
|
161
|
+
// 'Set',
|
|
162
|
+
// ],
|
|
163
|
+
// storage: [
|
|
164
|
+
// 'Backup',
|
|
165
|
+
// 'Delete',
|
|
166
|
+
// 'DeleteSAS',
|
|
167
|
+
// 'Get',
|
|
168
|
+
// 'GetSAS',
|
|
169
|
+
// 'List',
|
|
170
|
+
// 'ListSAS',
|
|
171
|
+
// 'Purge',
|
|
172
|
+
// 'Recover',
|
|
173
|
+
// 'RegenerateKey',
|
|
174
|
+
// 'Restore',
|
|
175
|
+
// 'Set',
|
|
176
|
+
// 'SetSAS',
|
|
177
|
+
// 'Update',
|
|
178
|
+
// ],
|
|
179
|
+
// };
|
|
180
|
+
//
|
|
181
|
+
// export const KeyVaultReadOnlyPolicy = {
|
|
182
|
+
// certificates: ['Get', 'List'],
|
|
183
|
+
// keys: [
|
|
184
|
+
// 'Get',
|
|
185
|
+
// 'List',
|
|
186
|
+
// 'Decrypt',
|
|
187
|
+
// 'Encrypt',
|
|
188
|
+
// 'Sign',
|
|
189
|
+
// 'UnwrapKey',
|
|
190
|
+
// 'Verify',
|
|
191
|
+
// 'WrapKey',
|
|
192
|
+
// ],
|
|
193
|
+
// secrets: ['Get', 'List'],
|
|
194
|
+
// storage: ['Get', 'List'],
|
|
195
|
+
// };
|
|
139
196
|
// export const grantVaultAccessPolicy = ({
|
|
140
197
|
// name,
|
|
141
198
|
// objectId,
|
|
@@ -166,4 +223,4 @@ exports.KeyVaultReadOnlyPolicy = {
|
|
|
166
223
|
// ? KeyVaultReadOnlyPolicy.storage
|
|
167
224
|
// : KeyVaultAdminPolicy.storage,
|
|
168
225
|
// });
|
|
169
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
226
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVmF1bHRQZXJtaXNzaW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9LZXlWYXVsdC9WYXVsdFBlcm1pc3Npb25zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlDQUF5QztBQUN6QywyREFBd0Q7QUFHeEQsaURBQWlEO0FBRWpELDBEQUE2RDtBQUM3RCxxQ0FBNkM7QUFDN0MseUNBQTZEO0FBVzdELE1BQU0sd0JBQXdCLEdBQUcsQ0FBQyxFQUNoQyxJQUFJLEVBQ0osUUFBUSxFQUNSLFVBQVUsRUFDVixLQUFLLEVBQ0wsYUFBYSxHQUFHLE1BQU0sR0FJdkIsRUFBRSxFQUFFO0lBQ0gsTUFBTSxFQUFFLEdBQUcsR0FBRyxJQUFJLElBQUksVUFBVSxFQUFFLENBQUMsV0FBVyxFQUFFLENBQUM7SUFFakQsTUFBTSxZQUFZLEdBQUc7UUFDbkIsV0FBVyxFQUFFLFFBQVE7UUFDckIsS0FBSztLQUNOLENBQUM7SUFFRixVQUFVO0lBQ1YsSUFBSSxVQUFVLEtBQUssVUFBVSxFQUFFLENBQUM7UUFDOUIsSUFBQSwrQkFBYyxFQUFDO1lBQ2IsR0FBRyxZQUFZO1lBQ2YsSUFBSSxFQUFFLEdBQUcsRUFBRSxVQUFVO1lBQ3JCLFFBQVEsRUFBRSwwQ0FBMEM7WUFDcEQsYUFBYTtTQUNkLENBQUMsQ0FBQztRQUNILElBQUEsK0JBQWMsRUFBQztZQUNiLEdBQUcsWUFBWTtZQUNmLElBQUksRUFBRSxHQUFHLEVBQUUsU0FBUztZQUNwQixRQUFRLEVBQUUsdUJBQXVCO1lBQ2pDLGFBQWE7U0FDZCxDQUFDLENBQUM7UUFDSCxJQUFBLCtCQUFjLEVBQUM7WUFDYixHQUFHLFlBQVk7WUFDZixJQUFJLEVBQUUsR0FBRyxFQUFFLFNBQVM7WUFDcEIsUUFBUSxFQUFFLHdCQUF3QjtZQUNsQyxhQUFhO1NBQ2QsQ0FBQyxDQUFDO1FBQ0gsZ0JBQWdCO0lBQ2xCLENBQUM7U0FBTSxDQUFDO1FBQ04sSUFBQSwrQkFBYyxFQUFDO1lBQ2IsR0FBRyxZQUFZO1lBQ2YsSUFBSSxFQUFFLEdBQUcsRUFBRSxjQUFjO1lBQ3pCLFFBQVEsRUFBRSx5QkFBeUI7WUFDbkMsYUFBYTtTQUNkLENBQUMsQ0FBQztRQUNILElBQUEsK0JBQWMsRUFBQztZQUNiLEdBQUcsWUFBWTtZQUNmLElBQUksRUFBRSxHQUFHLEVBQUUsT0FBTztZQUNsQixRQUFRLEVBQUUsZ0NBQWdDO1lBQzFDLGFBQWE7U0FDZCxDQUFDLENBQUM7UUFDSCxJQUFBLCtCQUFjLEVBQUM7WUFDYixHQUFHLFlBQVk7WUFDZixJQUFJLEVBQUUsR0FBRyxFQUFFLFNBQVM7WUFDcEIsUUFBUSxFQUFFLDBCQUEwQjtZQUNwQyxhQUFhO1NBQ2QsQ0FBQyxDQUFDO1FBQ0gsSUFBQSwrQkFBYyxFQUFDO1lBQ2IsR0FBRyxZQUFZO1lBQ2YsSUFBSSxFQUFFLEdBQUcsRUFBRSxTQUFTO1lBQ3BCLFFBQVEsRUFBRSwyQkFBMkI7WUFDckMsYUFBYTtTQUNkLENBQUMsQ0FBQztJQUNMLENBQUM7QUFDSCxDQUFDLENBQUM7QUFFSyxNQUFNLDBCQUEwQixHQUFHLENBQUMsRUFDekMsSUFBSSxFQUNKLFFBQVEsRUFDUixTQUFTLEdBS1YsRUFBRSxFQUFFLENBQ0gsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQyxFQUFFLEVBQUU7SUFDekIsSUFBSSxDQUFDLENBQUM7UUFBRSxPQUFPO0lBQ2YsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFBLDBCQUFpQixFQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQ3JELElBQUcsQ0FBQyxTQUFTO1FBQUMsT0FBTztJQUVyQixJQUFBLHdCQUFnQixFQUFDO1FBQ2YsSUFBSSxFQUFFLEdBQUcsSUFBSSx3QkFBd0IsU0FBUyxDQUFDLElBQUksRUFBRTtRQUNyRCxRQUFRLEVBQUUsQ0FBQyxDQUFDLFdBQVc7UUFDdkIsYUFBYSxFQUFFLElBQUEsa0JBQVUsRUFBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMsUUFBUTtLQUN2RCxDQUFDLENBQUM7QUFDTCxDQUFDLENBQUMsQ0FBQztBQW5CUSxRQUFBLDBCQUEwQiw4QkFtQmxDO0FBRUUsTUFBTSwwQkFBMEIsR0FBRyxDQUFDLEVBQ3pDLElBQUksRUFDSixTQUFTLEVBQ1QsS0FBSyxHQVFOLEVBQUUsRUFBRTtJQUNILGdDQUFnQztJQUNoQyx3QkFBd0IsQ0FBQztRQUN2QixJQUFJLEVBQUUsR0FBRyxJQUFJLGdCQUFnQjtRQUM3QixLQUFLLEVBQUUsU0FBUyxDQUFDLEVBQUU7UUFDbkIsUUFBUSxFQUFFLEtBQUssQ0FBQyxhQUFhLENBQUMsUUFBUTtRQUN0QyxVQUFVLEVBQUUsVUFBVTtRQUN0QixhQUFhLEVBQUUsT0FBTztLQUN2QixDQUFDLENBQUM7SUFFSCx3QkFBd0IsQ0FBQztRQUN2QixJQUFJLEVBQUUsR0FBRyxJQUFJLGFBQWE7UUFDMUIsS0FBSyxFQUFFLFNBQVMsQ0FBQyxFQUFFO1FBQ25CLFFBQVEsRUFBRSxLQUFLLENBQUMsVUFBVSxDQUFDLFFBQVE7UUFDbkMsVUFBVSxFQUFFLFdBQVc7UUFDdkIsYUFBYSxFQUFFLE9BQU87S0FDdkIsQ0FBQyxDQUFDO0lBRUgsaUdBQWlHO0lBQ2pHLE1BQU0sR0FBRyxHQUFHLElBQUEseUJBQWMsR0FBRSxDQUFDO0lBQzdCLHdCQUF3QixDQUFDO1FBQ3ZCLElBQUksRUFBRSxHQUFHLElBQUksWUFBWTtRQUN6QixLQUFLLEVBQUUsU0FBUyxDQUFDLEVBQUU7UUFDbkIsUUFBUSxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsUUFBUTtRQUNoQyxVQUFVLEVBQUUsV0FBVztRQUN2QixhQUFhLEVBQUUsa0JBQWtCO0tBQ2xDLENBQUMsQ0FBQztJQUVILHdCQUF3QjtJQUN4QixJQUFBLDhCQUFlLEVBQUM7UUFDZCxJQUFJLEVBQUUsZ0JBQWdCO1FBQ3RCLEtBQUssRUFBRSxNQUFNO2FBQ1YsTUFBTSxDQUFDO1lBQ04sS0FBSyxFQUFFLEtBQUssQ0FBQyxVQUFVLENBQUMsV0FBVztZQUNuQyxRQUFRLEVBQUUsS0FBSyxDQUFDLGFBQWEsQ0FBQyxXQUFXO1NBQzFDLENBQUM7YUFDRCxLQUFLLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDeEMsU0FBUztRQUNULFdBQVcsRUFBRSxzQkFBc0I7S0FDcEMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDO0FBbkRXLFFBQUEsMEJBQTBCLDhCQW1EckM7QUFFRix1Q0FBdUM7QUFDdkMsb0JBQW9CO0FBQ3BCLGdCQUFnQjtBQUNoQixnQkFBZ0I7QUFDaEIsZ0JBQWdCO0FBQ2hCLHVCQUF1QjtBQUN2QixhQUFhO0FBQ2Isb0JBQW9CO0FBQ3BCLGdCQUFnQjtBQUNoQixjQUFjO0FBQ2Qsd0JBQXdCO0FBQ3hCLHVCQUF1QjtBQUN2QixlQUFlO0FBQ2YsaUJBQWlCO0FBQ2pCLGlCQUFpQjtBQUNqQixvQkFBb0I7QUFDcEIsZ0JBQWdCO0FBQ2hCLE9BQU87QUFDUCxZQUFZO0FBQ1osZ0JBQWdCO0FBQ2hCLGdCQUFnQjtBQUNoQixpQkFBaUI7QUFDakIsZ0JBQWdCO0FBQ2hCLGlCQUFpQjtBQUNqQixhQUFhO0FBQ2IsZ0JBQWdCO0FBQ2hCLGNBQWM7QUFDZCxlQUFlO0FBQ2YsaUJBQWlCO0FBQ2pCLGlCQUFpQjtBQUNqQixjQUFjO0FBQ2QsbUJBQW1CO0FBQ25CLGdCQUFnQjtBQUNoQixnQkFBZ0I7QUFDaEIsaUJBQWlCO0FBQ2pCLE9BQU87QUFDUCxlQUFlO0FBQ2YsZ0JBQWdCO0FBQ2hCLGdCQUFnQjtBQUNoQixhQUFhO0FBQ2IsY0FBYztBQUNkLGVBQWU7QUFDZixpQkFBaUI7QUFDakIsaUJBQWlCO0FBQ2pCLGFBQWE7QUFDYixPQUFPO0FBQ1AsZUFBZTtBQUNmLGdCQUFnQjtBQUNoQixnQkFBZ0I7QUFDaEIsbUJBQW1CO0FBQ25CLGFBQWE7QUFDYixnQkFBZ0I7QUFDaEIsY0FBYztBQUNkLGlCQUFpQjtBQUNqQixlQUFlO0FBQ2YsaUJBQWlCO0FBQ2pCLHVCQUF1QjtBQUN2QixpQkFBaUI7QUFDakIsYUFBYTtBQUNiLGdCQUFnQjtBQUNoQixnQkFBZ0I7QUFDaEIsT0FBTztBQUNQLEtBQUs7QUFDTCxFQUFFO0FBQ0YsMENBQTBDO0FBQzFDLG1DQUFtQztBQUNuQyxZQUFZO0FBQ1osYUFBYTtBQUNiLGNBQWM7QUFDZCxpQkFBaUI7QUFDakIsaUJBQWlCO0FBQ2pCLGNBQWM7QUFDZCxtQkFBbUI7QUFDbkIsZ0JBQWdCO0FBQ2hCLGlCQUFpQjtBQUNqQixPQUFPO0FBQ1AsOEJBQThCO0FBQzlCLDhCQUE4QjtBQUM5QixLQUFLO0FBRUwsMkNBQTJDO0FBQzNDLFVBQVU7QUFDVixjQUFjO0FBQ2QsZ0JBQWdCO0FBQ2hCLGVBQWU7QUFDZix5QkFBeUI7QUFDekIsa0JBQWtCO0FBQ2xCLDZCQUE2QjtBQUM3QixRQUFRO0FBQ1IsbUNBQW1DO0FBQ25DLGdDQUFnQztBQUNoQyxnQkFBZ0I7QUFDaEIsZ0JBQWdCO0FBQ2hCLDhCQUE4QjtBQUM5QixrQ0FBa0M7QUFDbEMsZ0RBQWdEO0FBQ2hELDhDQUE4QztBQUM5QyxzQkFBc0I7QUFDdEIsa0NBQWtDO0FBQ2xDLHdDQUF3QztBQUN4QyxzQ0FBc0M7QUFDdEMseUJBQXlCO0FBQ3pCLGtDQUFrQztBQUNsQywyQ0FBMkM7QUFDM0MseUNBQXlDO0FBQ3pDLDBCQUEwQjtBQUMxQixrQ0FBa0M7QUFDbEMsMkNBQTJDO0FBQzNDLHlDQUF5QztBQUN6QyxRQUFRIn0=
|
package/KeyVault/index.d.ts
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import { Input } from "@pulumi/pulumi";
|
|
2
2
|
import { BasicMonitorArgs, PrivateLinkProps } from "../types";
|
|
3
3
|
import { BasicResourceArgs } from "../types";
|
|
4
|
-
import { VaultAccessType } from "./VaultAccess";
|
|
5
4
|
interface Props extends BasicResourceArgs {
|
|
6
5
|
/**The default-encryption-key, tenant-id va subscription-id will be added to the secrets and keys*/
|
|
7
6
|
createDefaultValues?: boolean;
|
|
@@ -9,14 +8,10 @@ interface Props extends BasicResourceArgs {
|
|
|
9
8
|
ipAddresses?: Array<Input<string>>;
|
|
10
9
|
subnetIds?: Array<Input<string>>;
|
|
11
10
|
};
|
|
12
|
-
/** The permission and principals that allows to be access to this Key Vault */
|
|
13
|
-
auth?: VaultAccessType;
|
|
14
11
|
}
|
|
15
|
-
declare const _default: ({ name, group,
|
|
12
|
+
declare const _default: ({ name, group, createDefaultValues, network, ...others }: Props) => {
|
|
16
13
|
name: string;
|
|
17
14
|
vault: import("@pulumi/azure-native/keyvault/vault").Vault;
|
|
18
|
-
readOnlyGroup: import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<import("@pulumi/azuread").GetGroupResult>> | import("@pulumi/pulumi").Output<import("@pulumi/azuread/group").Group>;
|
|
19
|
-
adminGroup: import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<import("@pulumi/azuread").GetGroupResult>> | import("@pulumi/pulumi").Output<import("@pulumi/azuread/group").Group>;
|
|
20
15
|
toVaultInfo: () => {
|
|
21
16
|
name: string;
|
|
22
17
|
group: import("../types").ResourceGroupInfo;
|