@drunk-pulumi/azure 0.0.36 → 0.0.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Aks/Helper.d.ts +6 -11
- package/Aks/Helper.js +40 -65
- package/Aks/Identity.d.ts +3 -10
- package/Aks/Identity.js +9 -8
- package/Aks/index.d.ts +67 -71
- package/Aks/index.js +198 -314
- package/Apim/ApiProduct/PolicyBuilder.js +25 -27
- package/Apim/ApiProduct/SwaggerHelper.js +1 -3
- package/Apim/ApiProduct/index.d.ts +3 -3
- package/Apim/ApiProduct/index.js +1 -2
- package/Automation/index.d.ts +7 -0
- package/Automation/index.js +55 -0
- package/AzAd/EnvRoles.Consts.d.ts +12 -0
- package/AzAd/EnvRoles.Consts.js +125 -0
- package/AzAd/EnvRoles.d.ts +16 -15
- package/AzAd/EnvRoles.js +69 -47
- package/AzAd/GraphDefinition.d.ts +2 -2
- package/AzAd/GraphDefinition.js +3055 -3056
- package/AzAd/Helper.d.ts +24 -13
- package/AzAd/Helper.js +98 -25
- package/AzAd/Identities/AzDevOpsIdentity.d.ts +12 -0
- package/AzAd/Identities/AzDevOpsIdentity.js +32 -0
- package/AzAd/Identities/AzDevOpsManagedIdentity.d.ts +7 -0
- package/AzAd/Identities/AzDevOpsManagedIdentity.js +15 -0
- package/AzAd/Identities/AzUserAdRevertSync.d.ts +2 -9
- package/AzAd/Identities/AzUserAdRevertSync.js +4 -5
- package/AzAd/Identities/index.d.ts +3 -0
- package/AzAd/Identities/index.js +10 -0
- package/AzAd/Identity.d.ts +10 -22
- package/AzAd/Identity.js +50 -61
- package/AzAd/Role.d.ts +2 -3
- package/AzAd/Role.js +4 -5
- package/AzAd/RoleAssignment.d.ts +34 -5
- package/AzAd/RoleAssignment.js +2 -2
- package/AzAd/RoleDefinitions/JustInTimeRequestRole.d.ts +2 -0
- package/AzAd/RoleDefinitions/JustInTimeRequestRole.js +25 -0
- package/AzAd/RolesBuiltIn.d.ts +29 -0
- package/AzAd/RolesBuiltIn.js +13034 -8058
- package/AzAd/UserAssignedIdentity.d.ts +6 -0
- package/AzAd/UserAssignedIdentity.js +27 -0
- package/Builder/AksBuilder.d.ts +3 -0
- package/Builder/AksBuilder.js +95 -0
- package/Builder/VnetBuilder.d.ts +3 -0
- package/Builder/VnetBuilder.js +279 -0
- package/Builder/index.d.ts +2 -0
- package/Builder/index.js +8 -0
- package/Builder/types.d.ts +120 -0
- package/Builder/types.js +18 -0
- package/Certificate/index.d.ts +1 -1
- package/Certificate/index.js +26 -28
- package/Common/AutoTags.js +2 -2
- package/Common/AzureEnv.d.ts +4 -3
- package/Common/AzureEnv.js +31 -24
- package/Common/GlobalEnv.d.ts +1 -2
- package/Common/GlobalEnv.js +7 -7
- package/Common/Location.d.ts +3 -3
- package/Common/Location.js +22 -9
- package/Common/LocationBuiltIn.d.ts +6 -81
- package/Common/LocationBuiltIn.js +491 -1923
- package/Common/Naming/index.d.ts +6 -4
- package/Common/Naming/index.js +64 -60
- package/Common/ResourceEnv.d.ts +2 -2
- package/Common/ResourceEnv.js +11 -10
- package/Common/StackEnv.js +2 -9
- package/Core/KeyGenetators.d.ts +16 -20
- package/Core/KeyGenetators.js +17 -16
- package/Core/Random.d.ts +4 -4
- package/Core/Random.js +10 -10
- package/Core/ResourceGroup.d.ts +12 -6
- package/Core/ResourceGroup.js +12 -24
- package/IOT/Hub/index.d.ts +4 -8
- package/IOT/Hub/index.js +19 -54
- package/KeyVault/Helper.d.ts +8 -6
- package/KeyVault/Helper.js +13 -19
- package/KeyVault/index.d.ts +1 -3
- package/KeyVault/index.js +2 -26
- package/Logs/Helpers.d.ts +35 -25
- package/Logs/Helpers.js +33 -20
- package/Logs/LogAnalytics.d.ts +2 -2
- package/Logs/LogAnalytics.js +15 -6
- package/Logs/index.d.ts +3 -3
- package/Logs/index.js +4 -4
- package/MySql/index.d.ts +2 -3
- package/MySql/index.js +16 -19
- package/{ReadMe.md → README.md} +6 -1
- package/Sql/index.d.ts +17 -10
- package/Sql/index.js +39 -42
- package/Storage/CdnEndpoint.d.ts +2 -2
- package/Storage/CdnEndpoint.js +14 -15
- package/Storage/Helper.d.ts +2 -2
- package/Storage/Helper.js +6 -6
- package/Storage/ManagementRules.d.ts +5 -23
- package/Storage/ManagementRules.js +3 -3
- package/Storage/index.d.ts +3 -3
- package/Storage/index.js +28 -28
- package/VM/AzureDevOpsExtension.d.ts +16 -0
- package/VM/AzureDevOpsExtension.js +14 -0
- package/VM/Extension.d.ts +15 -0
- package/VM/Extension.js +13 -0
- package/VM/GlobalSchedule.d.ts +10 -0
- package/VM/GlobalSchedule.js +20 -0
- package/VM/index.d.ts +18 -18
- package/VM/index.js +94 -57
- package/VNet/Bastion.d.ts +4 -4
- package/VNet/Bastion.js +12 -8
- package/VNet/Firewall.d.ts +19 -12
- package/VNet/Firewall.js +59 -40
- package/VNet/FirewallPolicies/AksFirewallPolicy.d.ts +16 -16
- package/VNet/FirewallPolicies/AksFirewallPolicy.js +193 -220
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.d.ts +12 -10
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.js +170 -282
- package/VNet/FirewallPolicies/DefaultFirewallPolicy.d.ts +3 -0
- package/VNet/FirewallPolicies/DefaultFirewallPolicy.js +25 -0
- package/VNet/FirewallPolicies/index.d.ts +4 -0
- package/VNet/FirewallPolicies/index.js +10 -0
- package/VNet/FirewallPolicy.d.ts +14 -11
- package/VNet/FirewallPolicy.js +67 -74
- package/VNet/FirewallRules/AksFirewallRules.d.ts +4 -3
- package/VNet/FirewallRules/AksFirewallRules.js +101 -100
- package/VNet/Helper.d.ts +8 -4
- package/VNet/Helper.js +42 -35
- package/VNet/IpAddress.d.ts +6 -8
- package/VNet/IpAddress.js +6 -11
- package/VNet/IpAddressPrefix.d.ts +12 -9
- package/VNet/IpAddressPrefix.js +14 -13
- package/VNet/NSGRules/AppGatewaySecurityRule.d.ts +9 -0
- package/VNet/NSGRules/AppGatewaySecurityRule.js +46 -0
- package/VNet/NSGRules/AzADSecurityRule.d.ts +6 -0
- package/VNet/NSGRules/AzADSecurityRule.js +39 -0
- package/VNet/NSGRules/BastionSecurityRule.d.ts +9 -0
- package/VNet/NSGRules/BastionSecurityRule.js +93 -0
- package/VNet/NatGateway.d.ts +10 -0
- package/VNet/NatGateway.js +21 -0
- package/VNet/NetworkPeering.d.ts +7 -7
- package/VNet/NetworkPeering.js +29 -20
- package/VNet/PrivateDns.d.ts +8 -10
- package/VNet/PrivateDns.js +12 -14
- package/VNet/PrivateEndpoint.js +5 -2
- package/VNet/RouteTable.d.ts +7 -8
- package/VNet/RouteTable.js +6 -6
- package/VNet/SecurityGroup.d.ts +4 -4
- package/VNet/SecurityGroup.js +7 -3
- package/VNet/Subnet.d.ts +10 -7
- package/VNet/Subnet.js +4 -3
- package/VNet/VPNGateway.d.ts +13 -0
- package/VNet/VPNGateway.js +73 -0
- package/VNet/VirtualWAN.d.ts +7 -10
- package/VNet/VirtualWAN.js +1 -1
- package/VNet/Vnet.d.ts +29 -23
- package/VNet/Vnet.js +58 -121
- package/VNet/index.d.ts +17 -18
- package/VNet/index.js +41 -54
- package/VNet/types.d.ts +94 -0
- package/VNet/types.js +3 -0
- package/Web/types.d.ts +2 -134
- package/package.json +8 -8
- package/types.d.ts +22 -8
- package/z_tests/_tools/Mocks.js +12 -13
- package/Automation/AutoAccount.d.ts +0 -5
- package/Automation/AutoAccount.js +0 -18
- package/AzAd/Identities/AzDevOps.d.ts +0 -23
- package/AzAd/Identities/AzDevOps.js +0 -61
- package/AzAd/KeyVaultRoles.d.ts +0 -8
- package/AzAd/KeyVaultRoles.js +0 -53
- package/AzAd/ManagedIdentity.d.ts +0 -6
- package/AzAd/ManagedIdentity.js +0 -20
- package/AzAd/UserIdentity.d.ts +0 -5
- package/AzAd/UserIdentity.js +0 -12
- package/Common/Naming/AzureRegions.d.ts +0 -4
- package/Common/Naming/AzureRegions.js +0 -49
- package/KeyVault/VaultPermissions.d.ts +0 -27
- package/KeyVault/VaultPermissions.js +0 -226
- package/VNet/FirewallRules/types.d.ts +0 -20
- package/VNet/FirewallRules/types.js +0 -5
- package/VNet/NSGRules/AzADService.d.ts +0 -10
- package/VNet/NSGRules/AzADService.js +0 -45
package/VNet/Helper.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.getFirewallIpAddressByGroupName = exports.getFirewallIpAddress = exports.parseVnetInfoFromId = exports.getVnetIdByName = exports.getVnetInfo = exports.getIpAddressResource = exports.getIpAddressId = exports.getSubnetIdByName = exports.getVnetIdFromSubnetId = exports.convertToIpRange = exports.getIpsRange = exports.azBastionSubnetName = exports.azFirewallManagementSubnet = exports.azFirewallSubnet = exports.gatewaySubnetName = exports.appGatewaySubnetName = void 0;
|
|
4
4
|
const network = require("@pulumi/azure-native/network");
|
|
5
5
|
const pulumi_1 = require("@pulumi/pulumi");
|
|
6
6
|
const netmask = require("netmask");
|
|
@@ -12,9 +12,8 @@ exports.azFirewallSubnet = "AzureFirewallSubnet";
|
|
|
12
12
|
exports.azFirewallManagementSubnet = "AzureFirewallManagementSubnet";
|
|
13
13
|
exports.azBastionSubnetName = "AzureBastionSubnet";
|
|
14
14
|
const getIpsRange = (prefix) => {
|
|
15
|
-
const block = new netmask.Netmask(prefix);
|
|
16
15
|
//console.debug('getIpsRange', block);
|
|
17
|
-
return
|
|
16
|
+
return new netmask.Netmask(prefix);
|
|
18
17
|
};
|
|
19
18
|
exports.getIpsRange = getIpsRange;
|
|
20
19
|
/** Convert IP address and IP address group into range */
|
|
@@ -28,39 +27,9 @@ const convertToIpRange = (ipAddress) => ipAddress.map((ip) => {
|
|
|
28
27
|
exports.convertToIpRange = convertToIpRange;
|
|
29
28
|
const getVnetIdFromSubnetId = (subnetId) => {
|
|
30
29
|
//The sample SubnetId is /subscriptions/63a31b41-eb5d-4160-9fc9-d30fc00286c9/resourceGroups/sg-dev-aks-vnet/providers/Microsoft.Network/virtualNetworks/sg-vnet-trans/subnets/aks-main-nodes
|
|
31
|
-
|
|
32
|
-
//console.log(id);
|
|
33
|
-
return id;
|
|
30
|
+
return subnetId.split("/subnets")[0];
|
|
34
31
|
};
|
|
35
32
|
exports.getVnetIdFromSubnetId = getVnetIdFromSubnetId;
|
|
36
|
-
/**Merge Firewall Rules Policies with starting priority*/
|
|
37
|
-
const mergeFirewallRules = (rules, startPriority = 200) => {
|
|
38
|
-
const applicationRuleCollections = new Array();
|
|
39
|
-
const natRuleCollections = new Array();
|
|
40
|
-
const networkRuleCollections = new Array();
|
|
41
|
-
//Combined Rules
|
|
42
|
-
rules.forEach((r) => {
|
|
43
|
-
if (r.applicationRuleCollections) {
|
|
44
|
-
applicationRuleCollections.push(...r.applicationRuleCollections);
|
|
45
|
-
}
|
|
46
|
-
if (r.natRuleCollections) {
|
|
47
|
-
natRuleCollections.push(...r.natRuleCollections);
|
|
48
|
-
}
|
|
49
|
-
if (r.networkRuleCollections) {
|
|
50
|
-
networkRuleCollections.push(...r.networkRuleCollections);
|
|
51
|
-
}
|
|
52
|
-
});
|
|
53
|
-
//Update Priority
|
|
54
|
-
applicationRuleCollections.forEach((a, i) => (a.priority = startPriority + i));
|
|
55
|
-
natRuleCollections.forEach((a, i) => (a.priority = startPriority + i));
|
|
56
|
-
networkRuleCollections.forEach((a, i) => (a.priority = startPriority + i));
|
|
57
|
-
return {
|
|
58
|
-
applicationRuleCollections,
|
|
59
|
-
natRuleCollections,
|
|
60
|
-
networkRuleCollections,
|
|
61
|
-
};
|
|
62
|
-
};
|
|
63
|
-
exports.mergeFirewallRules = mergeFirewallRules;
|
|
64
33
|
/**Get Subnet Id from Naming rules*/
|
|
65
34
|
const getSubnetIdByName = ({ subnetName, vnetAndGroupName, }) => {
|
|
66
35
|
const vnetName = (0, Naming_1.getVnetName)(vnetAndGroupName);
|
|
@@ -83,4 +52,42 @@ const getIpAddressResource = ({ name, groupName, }) => {
|
|
|
83
52
|
});
|
|
84
53
|
};
|
|
85
54
|
exports.getIpAddressResource = getIpAddressResource;
|
|
86
|
-
|
|
55
|
+
const getVnetInfo = (groupName) => {
|
|
56
|
+
const vnetName = (0, Naming_1.getVnetName)(groupName);
|
|
57
|
+
const rsName = (0, Naming_1.getResourceGroupName)(groupName);
|
|
58
|
+
return {
|
|
59
|
+
vnetName,
|
|
60
|
+
resourceGroupName: rsName,
|
|
61
|
+
subscriptionId: AzureEnv_1.subscriptionId,
|
|
62
|
+
};
|
|
63
|
+
};
|
|
64
|
+
exports.getVnetInfo = getVnetInfo;
|
|
65
|
+
const getVnetIdByName = (groupName) => {
|
|
66
|
+
const info = (0, exports.getVnetInfo)(groupName);
|
|
67
|
+
return (0, pulumi_1.interpolate) `/subscriptions/${info.subscriptionId}/resourceGroups/${info.resourceGroupName}/providers/Microsoft.Network/virtualNetworks/${info.vnetName}`;
|
|
68
|
+
};
|
|
69
|
+
exports.getVnetIdByName = getVnetIdByName;
|
|
70
|
+
const parseVnetInfoFromId = (vnetId) => (0, pulumi_1.output)(vnetId).apply((id) => {
|
|
71
|
+
const info = (0, AzureEnv_1.parseResourceInfoFromId)(id);
|
|
72
|
+
return {
|
|
73
|
+
vnetName: info.name,
|
|
74
|
+
resourceGroupName: info.group.resourceGroupName,
|
|
75
|
+
subscriptionId: info.subscriptionId,
|
|
76
|
+
};
|
|
77
|
+
});
|
|
78
|
+
exports.parseVnetInfoFromId = parseVnetInfoFromId;
|
|
79
|
+
const getFirewallIpAddress = (name, group) => {
|
|
80
|
+
const firewall = network.getAzureFirewallOutput({
|
|
81
|
+
azureFirewallName: name,
|
|
82
|
+
...group,
|
|
83
|
+
});
|
|
84
|
+
return firewall.ipConfigurations.apply((cf) => cf[0].privateIPAddress);
|
|
85
|
+
};
|
|
86
|
+
exports.getFirewallIpAddress = getFirewallIpAddress;
|
|
87
|
+
const getFirewallIpAddressByGroupName = (groupName) => {
|
|
88
|
+
const fireWallName = (0, Naming_1.getFirewallName)(groupName);
|
|
89
|
+
const rsName = (0, Naming_1.getResourceGroupName)(groupName);
|
|
90
|
+
return (0, exports.getFirewallIpAddress)(fireWallName, { resourceGroupName: rsName });
|
|
91
|
+
};
|
|
92
|
+
exports.getFirewallIpAddressByGroupName = getFirewallIpAddressByGroupName;
|
|
93
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL1ZOZXQvSGVscGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHdEQUF3RDtBQUN4RCwyQ0FBb0U7QUFDcEUsbUNBQW1DO0FBQ25DLGlEQUk0QjtBQUM1Qiw2Q0FLMEI7QUFJYixRQUFBLG9CQUFvQixHQUFHLGFBQWEsQ0FBQztBQUNyQyxRQUFBLGlCQUFpQixHQUFHLGVBQWUsQ0FBQztBQUNwQyxRQUFBLGdCQUFnQixHQUFHLHFCQUFxQixDQUFDO0FBQ3pDLFFBQUEsMEJBQTBCLEdBQUcsK0JBQStCLENBQUM7QUFDN0QsUUFBQSxtQkFBbUIsR0FBRyxvQkFBb0IsQ0FBQztBQUVqRCxNQUFNLFdBQVcsR0FBRyxDQUFDLE1BQWMsRUFBRSxFQUFFO0lBQzVDLHNDQUFzQztJQUN0QyxPQUFPLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNyQyxDQUFDLENBQUM7QUFIVyxRQUFBLFdBQVcsZUFHdEI7QUFFRix5REFBeUQ7QUFDbEQsTUFBTSxnQkFBZ0IsR0FBRyxDQUM5QixTQUFtQixFQUNvQixFQUFFLENBQ3pDLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRTtJQUNuQixJQUFJLEVBQUUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUNyQixNQUFNLEtBQUssR0FBRyxJQUFBLG1CQUFXLEVBQUMsRUFBRSxDQUFDLENBQUM7UUFDOUIsT0FBTyxFQUFFLEtBQUssRUFBRSxLQUFLLENBQUMsSUFBSSxFQUFFLEdBQUcsRUFBRSxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7SUFDckQsQ0FBQztJQUNELE9BQU8sRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsQ0FBQztBQUNoQyxDQUFDLENBQUMsQ0FBQztBQVRRLFFBQUEsZ0JBQWdCLG9CQVN4QjtBQUVFLE1BQU0scUJBQXFCLEdBQUcsQ0FBQyxRQUFnQixFQUFFLEVBQUU7SUFDeEQsNExBQTRMO0lBQzVMLE9BQU8sUUFBUSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUN2QyxDQUFDLENBQUM7QUFIVyxRQUFBLHFCQUFxQix5QkFHaEM7QUFRRixvQ0FBb0M7QUFDN0IsTUFBTSxpQkFBaUIsR0FBRyxDQUFDLEVBQ2hDLFVBQVUsRUFDVixnQkFBZ0IsR0FDSixFQUFrQixFQUFFO0lBQ2hDLE1BQU0sUUFBUSxHQUFHLElBQUEsb0JBQVcsRUFBQyxnQkFBZ0IsQ0FBQyxDQUFDO0lBQy9DLE1BQU0sS0FBSyxHQUFHLElBQUEsNkJBQW9CLEVBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNyRCxPQUFPLElBQUEsb0JBQVcsRUFBQSxrQkFBa0IseUJBQWMsbUJBQW1CLEtBQUssZ0RBQWdELFFBQVEsWUFBWSxVQUFVLEVBQUUsQ0FBQztBQUM3SixDQUFDLENBQUM7QUFQVyxRQUFBLGlCQUFpQixxQkFPNUI7QUFFSyxNQUFNLGNBQWMsR0FBRyxDQUFDLEVBQzdCLElBQUksRUFDSixTQUFTLEdBSVYsRUFBRSxFQUFFO0lBQ0gsTUFBTSxDQUFDLEdBQUcsSUFBQSx5QkFBZ0IsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUNqQyxNQUFNLEtBQUssR0FBRyxJQUFBLDZCQUFvQixFQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzlDLE9BQU8sSUFBQSxvQkFBVyxFQUFBLGtCQUFrQix5QkFBYyxtQkFBbUIsS0FBSyxrREFBa0QsQ0FBQyxFQUFFLENBQUM7QUFDbEksQ0FBQyxDQUFDO0FBVlcsUUFBQSxjQUFjLGtCQVV6QjtBQUVLLE1BQU0sb0JBQW9CLEdBQUcsQ0FBQyxFQUNuQyxJQUFJLEVBQ0osU0FBUyxHQUlWLEVBQUUsRUFBRTtJQUNILE1BQU0sQ0FBQyxHQUFHLElBQUEseUJBQWdCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFDakMsTUFBTSxLQUFLLEdBQUcsSUFBQSw2QkFBb0IsRUFBQyxTQUFTLENBQUMsQ0FBQztJQUU5QyxPQUFPLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQztRQUNoQyxtQkFBbUIsRUFBRSxDQUFDO1FBQ3RCLGlCQUFpQixFQUFFLEtBQUs7S0FDekIsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDO0FBZFcsUUFBQSxvQkFBb0Isd0JBYy9CO0FBRUssTUFBTSxXQUFXLEdBQUcsQ0FBQyxTQUFpQixFQUFnQixFQUFFO0lBQzdELE1BQU0sUUFBUSxHQUFHLElBQUEsb0JBQVcsRUFBQyxTQUFTLENBQUMsQ0FBQztJQUN4QyxNQUFNLE1BQU0sR0FBRyxJQUFBLDZCQUFvQixFQUFDLFNBQVMsQ0FBQyxDQUFDO0lBRS9DLE9BQU87UUFDTCxRQUFRO1FBQ1IsaUJBQWlCLEVBQUUsTUFBTTtRQUN6QixjQUFjLEVBQWQseUJBQWM7S0FDZixDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBVFcsUUFBQSxXQUFXLGVBU3RCO0FBRUssTUFBTSxlQUFlLEdBQUcsQ0FBQyxTQUFpQixFQUFFLEVBQUU7SUFDbkQsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVyxFQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQ3BDLE9BQU8sSUFBQSxvQkFBVyxFQUFBLGtCQUFrQixJQUFJLENBQUMsY0FBYyxtQkFBbUIsSUFBSSxDQUFDLGlCQUFpQixnREFBZ0QsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO0FBQ2xLLENBQUMsQ0FBQztBQUhXLFFBQUEsZUFBZSxtQkFHMUI7QUFFSyxNQUFNLG1CQUFtQixHQUFHLENBQ2pDLE1BQXFCLEVBQ0MsRUFBRSxDQUN4QixJQUFBLGVBQU0sRUFBQyxNQUFNLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRTtJQUMxQixNQUFNLElBQUksR0FBRyxJQUFBLGtDQUF1QixFQUFDLEVBQUUsQ0FBRSxDQUFDO0lBQzFDLE9BQU87UUFDTCxRQUFRLEVBQUUsSUFBSSxDQUFDLElBQUk7UUFDbkIsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxpQkFBaUI7UUFDL0MsY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO0tBQ3BCLENBQUM7QUFDcEIsQ0FBQyxDQUFDLENBQUM7QUFWUSxRQUFBLG1CQUFtQix1QkFVM0I7QUFFRSxNQUFNLG9CQUFvQixHQUFHLENBQ2xDLElBQVksRUFDWixLQUF3QixFQUN4QixFQUFFO0lBQ0YsTUFBTSxRQUFRLEdBQUcsT0FBTyxDQUFDLHNCQUFzQixDQUFDO1FBQzlDLGlCQUFpQixFQUFFLElBQUk7UUFDdkIsR0FBRyxLQUFLO0tBQ1QsQ0FBQyxDQUFDO0lBRUgsT0FBTyxRQUFRLENBQUMsZ0JBQWlCLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxFQUFHLENBQUMsQ0FBQyxDQUFFLENBQUMsZ0JBQWlCLENBQUMsQ0FBQztBQUM3RSxDQUFDLENBQUM7QUFWVyxRQUFBLG9CQUFvQix3QkFVL0I7QUFFSyxNQUFNLCtCQUErQixHQUFHLENBQUMsU0FBaUIsRUFBRSxFQUFFO0lBQ25FLE1BQU0sWUFBWSxHQUFHLElBQUEsd0JBQWUsRUFBQyxTQUFTLENBQUMsQ0FBQztJQUNoRCxNQUFNLE1BQU0sR0FBRyxJQUFBLDZCQUFvQixFQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQy9DLE9BQU8sSUFBQSw0QkFBb0IsRUFBQyxZQUFZLEVBQUUsRUFBRSxpQkFBaUIsRUFBRSxNQUFNLEVBQUUsQ0FBQyxDQUFDO0FBQzNFLENBQUMsQ0FBQztBQUpXLFFBQUEsK0JBQStCLG1DQUkxQyJ9
|
package/VNet/IpAddress.d.ts
CHANGED
|
@@ -1,17 +1,15 @@
|
|
|
1
|
-
import * as network from
|
|
2
|
-
import { Input } from
|
|
3
|
-
import { BasicResourceArgs } from
|
|
1
|
+
import * as network from "@pulumi/azure-native/network";
|
|
2
|
+
import { Input } from "@pulumi/pulumi";
|
|
3
|
+
import { BasicResourceArgs } from "../types";
|
|
4
4
|
interface Props extends BasicResourceArgs {
|
|
5
5
|
version?: network.IPVersion;
|
|
6
6
|
publicIPPrefix?: network.PublicIPPrefix;
|
|
7
7
|
enableDdos?: boolean;
|
|
8
8
|
ddosCustomPolicyId?: Input<string>;
|
|
9
9
|
allocationMethod?: network.IPAllocationMethod;
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
tier?: network.PublicIPAddressSkuTier;
|
|
13
|
-
};
|
|
10
|
+
tier?: network.PublicIPAddressSkuTier | string;
|
|
11
|
+
enableZone?: boolean;
|
|
14
12
|
lock?: boolean;
|
|
15
13
|
}
|
|
16
|
-
declare const _default: ({ name, group, version, publicIPPrefix, enableDdos, ddosCustomPolicyId, allocationMethod,
|
|
14
|
+
declare const _default: ({ name, group, version, publicIPPrefix, enableDdos, ddosCustomPolicyId, enableZone, allocationMethod, tier, lock, }: Props) => import("@pulumi/azure-native/network/publicIPAddress").PublicIPAddress;
|
|
17
15
|
export default _default;
|
package/VNet/IpAddress.js
CHANGED
|
@@ -6,10 +6,7 @@ const Naming_1 = require("../Common/Naming");
|
|
|
6
6
|
const Locker_1 = require("../Core/Locker");
|
|
7
7
|
const StackEnv_1 = require("../Common/StackEnv");
|
|
8
8
|
const getIpName = (name) => (0, Naming_1.getIpAddressName)(name);
|
|
9
|
-
exports.default = ({ name, group, version = network.IPVersion.IPv4, publicIPPrefix, enableDdos, ddosCustomPolicyId, allocationMethod = network.IPAllocationMethod.Static,
|
|
10
|
-
name: network.PublicIPAddressSkuName.Basic,
|
|
11
|
-
tier: network.PublicIPAddressSkuTier.Regional,
|
|
12
|
-
}, lock = true, }) => {
|
|
9
|
+
exports.default = ({ name, group, version = network.IPVersion.IPv4, publicIPPrefix, enableDdos, ddosCustomPolicyId, enableZone = AzureEnv_1.isPrd, allocationMethod = network.IPAllocationMethod.Static, tier = network.PublicIPAddressSkuTier.Regional, lock = true, }) => {
|
|
13
10
|
name = getIpName(name);
|
|
14
11
|
const ipAddress = new network.PublicIPAddress(name, {
|
|
15
12
|
publicIpAddressName: name,
|
|
@@ -18,20 +15,18 @@ exports.default = ({ name, group, version = network.IPVersion.IPv4, publicIPPref
|
|
|
18
15
|
publicIPAddressVersion: version,
|
|
19
16
|
publicIPAllocationMethod: allocationMethod,
|
|
20
17
|
publicIPPrefix: publicIPPrefix ? { id: publicIPPrefix.id } : undefined,
|
|
21
|
-
ddosSettings: enableDdos &&
|
|
22
|
-
ddosCustomPolicyId &&
|
|
23
|
-
sku.name === network.PublicIPAddressSkuName.Standard
|
|
18
|
+
ddosSettings: enableDdos && ddosCustomPolicyId
|
|
24
19
|
? {
|
|
25
|
-
protectionMode: enableDdos ?
|
|
20
|
+
protectionMode: enableDdos ? "Enabled" : "Disabled",
|
|
26
21
|
ddosProtectionPlan: { id: ddosCustomPolicyId },
|
|
27
22
|
}
|
|
28
23
|
: undefined,
|
|
29
|
-
sku,
|
|
30
|
-
zones:
|
|
24
|
+
sku: { name: "Standard", tier },
|
|
25
|
+
zones: enableZone ? ["1", "2", "3"] : undefined,
|
|
31
26
|
}, { dependsOn: publicIPPrefix });
|
|
32
27
|
if (lock) {
|
|
33
28
|
(0, Locker_1.default)({ name, resource: ipAddress });
|
|
34
29
|
}
|
|
35
30
|
return ipAddress;
|
|
36
31
|
};
|
|
37
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
32
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSXBBZGRyZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL1ZOZXQvSXBBZGRyZXNzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsd0RBQXdEO0FBR3hELGlEQUEyQztBQUMzQyw2Q0FBb0Q7QUFDcEQsMkNBQW9DO0FBQ3BDLGlEQUFrRDtBQWFsRCxNQUFNLFNBQVMsR0FBRyxDQUFDLElBQVksRUFBRSxFQUFFLENBQUMsSUFBQSx5QkFBZ0IsRUFBQyxJQUFJLENBQUMsQ0FBQztBQUUzRCxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxFQUNKLEtBQUssRUFDTCxPQUFPLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQ2hDLGNBQWMsRUFDZCxVQUFVLEVBQ1Ysa0JBQWtCLEVBQ2xCLFVBQVUsR0FBRyxnQkFBSyxFQUNsQixnQkFBZ0IsR0FBRyxPQUFPLENBQUMsa0JBQWtCLENBQUMsTUFBTSxFQUNwRCxJQUFJLEdBQUcsT0FBTyxDQUFDLHNCQUFzQixDQUFDLFFBQVEsRUFDOUMsSUFBSSxHQUFHLElBQUksR0FDTCxFQUFFLEVBQUU7SUFDVixJQUFJLEdBQUcsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ3ZCLE1BQU0sU0FBUyxHQUFHLElBQUksT0FBTyxDQUFDLGVBQWUsQ0FDM0MsSUFBSSxFQUNKO1FBQ0UsbUJBQW1CLEVBQUUsSUFBSTtRQUN6QixHQUFHLEtBQUs7UUFDUixXQUFXLEVBQUUsRUFBRSxlQUFlLEVBQUUsR0FBRyxJQUFJLElBQUksdUJBQVksRUFBRSxFQUFFO1FBQzNELHNCQUFzQixFQUFFLE9BQU87UUFDL0Isd0JBQXdCLEVBQUUsZ0JBQWdCO1FBQzFDLGNBQWMsRUFBRSxjQUFjLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLGNBQWMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUztRQUN0RSxZQUFZLEVBQ1YsVUFBVSxJQUFJLGtCQUFrQjtZQUM5QixDQUFDLENBQUM7Z0JBQ0UsY0FBYyxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxVQUFVO2dCQUNuRCxrQkFBa0IsRUFBRSxFQUFFLEVBQUUsRUFBRSxrQkFBa0IsRUFBRTthQUMvQztZQUNILENBQUMsQ0FBQyxTQUFTO1FBQ2YsR0FBRyxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxJQUFJLEVBQUU7UUFDL0IsS0FBSyxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO0tBQ2hELEVBQ0QsRUFBRSxTQUFTLEVBQUUsY0FBYyxFQUFFLENBQzlCLENBQUM7SUFFRixJQUFJLElBQUksRUFBRSxDQUFDO1FBQ1QsSUFBQSxnQkFBTSxFQUFDLEVBQUUsSUFBSSxFQUFFLFFBQVEsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRCxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDLENBQUMifQ==
|
|
@@ -1,22 +1,25 @@
|
|
|
1
|
-
import * as network from
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
1
|
+
import * as network from "@pulumi/azure-native/network";
|
|
2
|
+
import { PublicIPAddress } from "@pulumi/azure-native/network";
|
|
3
|
+
import { Input } from "@pulumi/pulumi";
|
|
4
|
+
import { BasicResourceArgs } from "../types";
|
|
4
5
|
type AddressNameType = Array<{
|
|
5
6
|
name: string;
|
|
6
7
|
}>;
|
|
7
|
-
interface
|
|
8
|
-
prefixLength
|
|
8
|
+
export interface PublicIpAddressPrefixProps extends BasicResourceArgs {
|
|
9
|
+
prefixLength?: 28 | 29 | 30 | 31;
|
|
10
|
+
createPrefix?: boolean;
|
|
9
11
|
config?: {
|
|
10
12
|
version?: network.IPVersion;
|
|
11
13
|
enableDdos?: boolean;
|
|
12
14
|
ddosCustomPolicyId?: Input<string>;
|
|
13
15
|
allocationMethod?: network.IPAllocationMethod;
|
|
14
16
|
};
|
|
15
|
-
ipAddresses
|
|
17
|
+
ipAddresses?: AddressNameType;
|
|
16
18
|
lock?: boolean;
|
|
17
19
|
}
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
20
|
+
export type PublicIpAddressPrefixResult = {
|
|
21
|
+
addresses: Record<string, PublicIPAddress>;
|
|
22
|
+
addressPrefix?: network.PublicIPPrefix;
|
|
21
23
|
};
|
|
24
|
+
declare const _default: ({ name, group, prefixLength, createPrefix, ipAddresses, config, lock, }: PublicIpAddressPrefixProps) => PublicIpAddressPrefixResult;
|
|
22
25
|
export default _default;
|
package/VNet/IpAddressPrefix.js
CHANGED
|
@@ -4,18 +4,21 @@ const network = require("@pulumi/azure-native/network");
|
|
|
4
4
|
const Naming_1 = require("../Common/Naming");
|
|
5
5
|
const Locker_1 = require("../Core/Locker");
|
|
6
6
|
const IpAddress_1 = require("./IpAddress");
|
|
7
|
-
exports.default = ({ name, group, prefixLength, ipAddresses, config = {
|
|
7
|
+
exports.default = ({ name, group, prefixLength = 30, createPrefix = true, ipAddresses, config = {
|
|
8
8
|
version: network.IPVersion.IPv4,
|
|
9
9
|
allocationMethod: network.IPAllocationMethod.Static,
|
|
10
|
-
}, lock, }) => {
|
|
10
|
+
}, lock = true, }) => {
|
|
11
11
|
const n = (0, Naming_1.getIpAddressPrefixName)(name);
|
|
12
|
-
const
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
12
|
+
const sku = { name: "Standard", tier: "Regional" };
|
|
13
|
+
const addressPrefix = createPrefix
|
|
14
|
+
? new network.PublicIPPrefix(n, {
|
|
15
|
+
publicIpPrefixName: n,
|
|
16
|
+
...group,
|
|
17
|
+
prefixLength,
|
|
18
|
+
sku,
|
|
19
|
+
}, { ignoreChanges: ["prefixLength"] })
|
|
20
|
+
: undefined;
|
|
21
|
+
if (lock && addressPrefix) {
|
|
19
22
|
(0, Locker_1.default)({
|
|
20
23
|
name,
|
|
21
24
|
resource: addressPrefix,
|
|
@@ -25,17 +28,15 @@ exports.default = ({ name, group, prefixLength, ipAddresses, config = {
|
|
|
25
28
|
if (ipAddresses) {
|
|
26
29
|
ipAddresses.forEach((ip, i) => {
|
|
27
30
|
const n = ip.name ?? `${name}-${i}`;
|
|
28
|
-
|
|
31
|
+
addresses[n] = (0, IpAddress_1.default)({
|
|
29
32
|
...config,
|
|
30
33
|
name: n,
|
|
31
34
|
group,
|
|
32
35
|
publicIPPrefix: addressPrefix,
|
|
33
|
-
sku: { name: 'Standard', tier: 'Regional' },
|
|
34
36
|
lock,
|
|
35
37
|
});
|
|
36
|
-
addresses[n] = item;
|
|
37
38
|
});
|
|
38
39
|
}
|
|
39
40
|
return { addressPrefix, addresses };
|
|
40
41
|
};
|
|
41
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
42
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSXBBZGRyZXNzUHJlZml4LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL1ZOZXQvSXBBZGRyZXNzUHJlZml4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsd0RBQXdEO0FBR3hELDZDQUEwRDtBQUMxRCwyQ0FBb0M7QUFFcEMsMkNBQW9DO0FBd0JwQyxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxFQUNKLEtBQUssRUFDTCxZQUFZLEdBQUcsRUFBRSxFQUNqQixZQUFZLEdBQUcsSUFBSSxFQUNuQixXQUFXLEVBQ1gsTUFBTSxHQUFHO0lBQ1AsT0FBTyxFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsSUFBSTtJQUMvQixnQkFBZ0IsRUFBRSxPQUFPLENBQUMsa0JBQWtCLENBQUMsTUFBTTtDQUNwRCxFQUNELElBQUksR0FBRyxJQUFJLEdBQ2dCLEVBQStCLEVBQUU7SUFDNUQsTUFBTSxDQUFDLEdBQUcsSUFBQSwrQkFBc0IsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUN2QyxNQUFNLEdBQUcsR0FBRyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxDQUFDO0lBRW5ELE1BQU0sYUFBYSxHQUFHLFlBQVk7UUFDaEMsQ0FBQyxDQUFDLElBQUksT0FBTyxDQUFDLGNBQWMsQ0FDeEIsQ0FBQyxFQUNEO1lBQ0Usa0JBQWtCLEVBQUUsQ0FBQztZQUNyQixHQUFHLEtBQUs7WUFDUixZQUFZO1lBQ1osR0FBRztTQUNKLEVBQ0QsRUFBRSxhQUFhLEVBQUUsQ0FBQyxjQUFjLENBQUMsRUFBRSxDQUNwQztRQUNILENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFZCxJQUFJLElBQUksSUFBSSxhQUFhLEVBQUUsQ0FBQztRQUMxQixJQUFBLGdCQUFNLEVBQUM7WUFDTCxJQUFJO1lBQ0osUUFBUSxFQUFFLGFBQWE7U0FDeEIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE1BQU0sU0FBUyxHQUFvQyxFQUFFLENBQUM7SUFFdEQsSUFBSSxXQUFXLEVBQUUsQ0FBQztRQUNoQixXQUFXLENBQUMsT0FBTyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRSxFQUFFO1lBQzVCLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQyxJQUFJLElBQUksR0FBRyxJQUFJLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDcEMsU0FBUyxDQUFDLENBQUMsQ0FBQyxHQUFHLElBQUEsbUJBQVMsRUFBQztnQkFDdkIsR0FBRyxNQUFNO2dCQUNULElBQUksRUFBRSxDQUFDO2dCQUNQLEtBQUs7Z0JBQ0wsY0FBYyxFQUFFLGFBQWE7Z0JBQzdCLElBQUk7YUFDTCxDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPLEVBQUUsYUFBYSxFQUFFLFNBQVMsRUFBRSxDQUFDO0FBQ3RDLENBQUMsQ0FBQyJ9
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { CustomSecurityRuleArgs } from "../types";
|
|
2
|
+
interface Props {
|
|
3
|
+
addressPrefix: string;
|
|
4
|
+
version: "v1" | "v2";
|
|
5
|
+
startPriority?: number;
|
|
6
|
+
}
|
|
7
|
+
/** The Security group rules for Bastion */
|
|
8
|
+
declare const _default: ({ addressPrefix, version, startPriority }: Props) => CustomSecurityRuleArgs[];
|
|
9
|
+
export default _default;
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
/** The Security group rules for Bastion */
|
|
4
|
+
// https://learn.microsoft.com/en-us/azure/bastion/bastion-nsg
|
|
5
|
+
exports.default = ({ addressPrefix, version, startPriority = 300 }) => {
|
|
6
|
+
const rs = new Array();
|
|
7
|
+
//Inbound
|
|
8
|
+
rs.push({
|
|
9
|
+
name: "allow_internet_in_gateway_health",
|
|
10
|
+
description: "Allow Health check access from internet to Gateway",
|
|
11
|
+
priority: startPriority++,
|
|
12
|
+
protocol: "Tcp",
|
|
13
|
+
access: "Allow",
|
|
14
|
+
direction: "Inbound",
|
|
15
|
+
sourceAddressPrefix: "Internet",
|
|
16
|
+
sourcePortRange: "*",
|
|
17
|
+
destinationAddressPrefix: addressPrefix,
|
|
18
|
+
destinationPortRanges: version === "v1" ? ["65503-65534"] : ["65200-65535"],
|
|
19
|
+
}, {
|
|
20
|
+
name: "allow_https_internet_in_gateway",
|
|
21
|
+
description: "Allow HTTPS access from internet to Gateway",
|
|
22
|
+
priority: startPriority++,
|
|
23
|
+
protocol: "Tcp",
|
|
24
|
+
access: "Allow",
|
|
25
|
+
direction: "Inbound",
|
|
26
|
+
sourceAddressPrefix: "Internet",
|
|
27
|
+
sourcePortRange: "*",
|
|
28
|
+
destinationAddressPrefix: addressPrefix,
|
|
29
|
+
destinationPortRange: "443",
|
|
30
|
+
}, {
|
|
31
|
+
name: "allow_loadbalancer_in_gateway",
|
|
32
|
+
description: "Allow Load balancer to Gateway",
|
|
33
|
+
priority: startPriority++,
|
|
34
|
+
protocol: "Tcp",
|
|
35
|
+
access: "Allow",
|
|
36
|
+
direction: "Inbound",
|
|
37
|
+
sourceAddressPrefix: "AzureLoadBalancer",
|
|
38
|
+
sourcePortRange: "*",
|
|
39
|
+
destinationAddressPrefix: addressPrefix,
|
|
40
|
+
destinationPortRange: "*",
|
|
41
|
+
});
|
|
42
|
+
//Outbound
|
|
43
|
+
//rs.push();
|
|
44
|
+
return rs;
|
|
45
|
+
};
|
|
46
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXBwR2F0ZXdheVNlY3VyaXR5UnVsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9WTmV0L05TR1J1bGVzL0FwcEdhdGV3YXlTZWN1cml0eVJ1bGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFRQSwyQ0FBMkM7QUFDM0MsOERBQThEO0FBQzlELGtCQUFlLENBQUMsRUFBRSxhQUFhLEVBQUUsT0FBTyxFQUFFLGFBQWEsR0FBRyxHQUFHLEVBQVMsRUFBRSxFQUFFO0lBQ3hFLE1BQU0sRUFBRSxHQUFHLElBQUksS0FBSyxFQUEwQixDQUFDO0lBQy9DLFNBQVM7SUFDVCxFQUFFLENBQUMsSUFBSSxDQUNMO1FBQ0UsSUFBSSxFQUFFLGtDQUFrQztRQUN4QyxXQUFXLEVBQUUsb0RBQW9EO1FBQ2pFLFFBQVEsRUFBRSxhQUFhLEVBQUU7UUFDekIsUUFBUSxFQUFFLEtBQUs7UUFDZixNQUFNLEVBQUUsT0FBTztRQUNmLFNBQVMsRUFBRSxTQUFTO1FBRXBCLG1CQUFtQixFQUFFLFVBQVU7UUFDL0IsZUFBZSxFQUFFLEdBQUc7UUFDcEIsd0JBQXdCLEVBQUUsYUFBYTtRQUN2QyxxQkFBcUIsRUFDbkIsT0FBTyxLQUFLLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxhQUFhLENBQUM7S0FDdkQsRUFDRDtRQUNFLElBQUksRUFBRSxpQ0FBaUM7UUFDdkMsV0FBVyxFQUFFLDZDQUE2QztRQUMxRCxRQUFRLEVBQUUsYUFBYSxFQUFFO1FBQ3pCLFFBQVEsRUFBRSxLQUFLO1FBQ2YsTUFBTSxFQUFFLE9BQU87UUFDZixTQUFTLEVBQUUsU0FBUztRQUVwQixtQkFBbUIsRUFBRSxVQUFVO1FBQy9CLGVBQWUsRUFBRSxHQUFHO1FBQ3BCLHdCQUF3QixFQUFFLGFBQWE7UUFDdkMsb0JBQW9CLEVBQUUsS0FBSztLQUM1QixFQUNEO1FBQ0UsSUFBSSxFQUFFLCtCQUErQjtRQUNyQyxXQUFXLEVBQUUsZ0NBQWdDO1FBQzdDLFFBQVEsRUFBRSxhQUFhLEVBQUU7UUFDekIsUUFBUSxFQUFFLEtBQUs7UUFDZixNQUFNLEVBQUUsT0FBTztRQUNmLFNBQVMsRUFBRSxTQUFTO1FBRXBCLG1CQUFtQixFQUFFLG1CQUFtQjtRQUN4QyxlQUFlLEVBQUUsR0FBRztRQUNwQix3QkFBd0IsRUFBRSxhQUFhO1FBQ3ZDLG9CQUFvQixFQUFFLEdBQUc7S0FDMUIsQ0FDRixDQUFDO0lBRUYsVUFBVTtJQUNWLFlBQVk7SUFDWixPQUFPLEVBQUUsQ0FBQztBQUNaLENBQUMsQ0FBQyJ9
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.default = ({ startPriority = 300 }) => {
|
|
4
|
+
const rs = new Array();
|
|
5
|
+
//Allows RD
|
|
6
|
+
rs.push({
|
|
7
|
+
name: "AllowRD",
|
|
8
|
+
sourceAddressPrefix: "CorpNetSaw",
|
|
9
|
+
sourcePortRange: "*",
|
|
10
|
+
destinationAddressPrefix: "*",
|
|
11
|
+
destinationPortRange: "3389",
|
|
12
|
+
protocol: "Tcp",
|
|
13
|
+
access: "Allow",
|
|
14
|
+
direction: "Inbound",
|
|
15
|
+
priority: startPriority++,
|
|
16
|
+
}, {
|
|
17
|
+
name: "AllowPSRemove",
|
|
18
|
+
sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
|
|
19
|
+
sourcePortRange: "*",
|
|
20
|
+
destinationAddressPrefix: "*",
|
|
21
|
+
destinationPortRange: "5986",
|
|
22
|
+
protocol: "Tcp",
|
|
23
|
+
access: "Allow",
|
|
24
|
+
direction: "Inbound",
|
|
25
|
+
priority: startPriority++,
|
|
26
|
+
}, {
|
|
27
|
+
name: "AllowPort636",
|
|
28
|
+
sourceAddressPrefix: "*",
|
|
29
|
+
sourcePortRange: "*",
|
|
30
|
+
destinationAddressPrefix: "*",
|
|
31
|
+
destinationPortRange: "636",
|
|
32
|
+
protocol: "Tcp",
|
|
33
|
+
access: "Allow",
|
|
34
|
+
direction: "Inbound",
|
|
35
|
+
priority: startPriority++,
|
|
36
|
+
});
|
|
37
|
+
return rs;
|
|
38
|
+
};
|
|
39
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXpBRFNlY3VyaXR5UnVsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9WTmV0L05TR1J1bGVzL0F6QURTZWN1cml0eVJ1bGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFNQSxrQkFBZSxDQUFDLEVBQUUsYUFBYSxHQUFHLEdBQUcsRUFBUyxFQUFFLEVBQUU7SUFDaEQsTUFBTSxFQUFFLEdBQUcsSUFBSSxLQUFLLEVBQTBCLENBQUM7SUFDL0MsV0FBVztJQUNYLEVBQUUsQ0FBQyxJQUFJLENBQ0w7UUFDRSxJQUFJLEVBQUUsU0FBUztRQUNmLG1CQUFtQixFQUFFLFlBQVk7UUFDakMsZUFBZSxFQUFFLEdBQUc7UUFDcEIsd0JBQXdCLEVBQUUsR0FBRztRQUM3QixvQkFBb0IsRUFBRSxNQUFNO1FBQzVCLFFBQVEsRUFBRSxLQUFLO1FBQ2YsTUFBTSxFQUFFLE9BQU87UUFDZixTQUFTLEVBQUUsU0FBUztRQUNwQixRQUFRLEVBQUUsYUFBYSxFQUFFO0tBQzFCLEVBQ0Q7UUFDRSxJQUFJLEVBQUUsZUFBZTtRQUNyQixtQkFBbUIsRUFBRSxvQ0FBb0M7UUFDekQsZUFBZSxFQUFFLEdBQUc7UUFDcEIsd0JBQXdCLEVBQUUsR0FBRztRQUM3QixvQkFBb0IsRUFBRSxNQUFNO1FBQzVCLFFBQVEsRUFBRSxLQUFLO1FBQ2YsTUFBTSxFQUFFLE9BQU87UUFDZixTQUFTLEVBQUUsU0FBUztRQUNwQixRQUFRLEVBQUUsYUFBYSxFQUFFO0tBQzFCLEVBQ0Q7UUFDRSxJQUFJLEVBQUUsY0FBYztRQUNwQixtQkFBbUIsRUFBRSxHQUFHO1FBQ3hCLGVBQWUsRUFBRSxHQUFHO1FBQ3BCLHdCQUF3QixFQUFFLEdBQUc7UUFDN0Isb0JBQW9CLEVBQUUsS0FBSztRQUMzQixRQUFRLEVBQUUsS0FBSztRQUNmLE1BQU0sRUFBRSxPQUFPO1FBQ2YsU0FBUyxFQUFFLFNBQVM7UUFDcEIsUUFBUSxFQUFFLGFBQWEsRUFBRTtLQUMxQixDQUNGLENBQUM7SUFDRixPQUFPLEVBQUUsQ0FBQztBQUNaLENBQUMsQ0FBQyJ9
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { CustomSecurityRuleArgs } from "../types";
|
|
2
|
+
interface Props {
|
|
3
|
+
bastionAddressPrefix: string;
|
|
4
|
+
vmAddressPrefixes: string[];
|
|
5
|
+
startPriority?: number;
|
|
6
|
+
}
|
|
7
|
+
/** The Security group rules for Bastion */
|
|
8
|
+
declare const _default: ({ bastionAddressPrefix, vmAddressPrefixes, startPriority, }: Props) => CustomSecurityRuleArgs[];
|
|
9
|
+
export default _default;
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
/** The Security group rules for Bastion */
|
|
4
|
+
// https://learn.microsoft.com/en-us/azure/bastion/bastion-nsg
|
|
5
|
+
exports.default = ({ bastionAddressPrefix, vmAddressPrefixes, startPriority = 3000, }) => {
|
|
6
|
+
const rs = new Array();
|
|
7
|
+
//Inbound
|
|
8
|
+
rs.push({
|
|
9
|
+
name: "BastionAllowsHttpsInbound",
|
|
10
|
+
sourceAddressPrefix: "Internet",
|
|
11
|
+
sourcePortRange: "*",
|
|
12
|
+
destinationAddressPrefix: bastionAddressPrefix,
|
|
13
|
+
destinationPortRange: "443",
|
|
14
|
+
protocol: "Tcp",
|
|
15
|
+
access: "Allow",
|
|
16
|
+
direction: "Inbound",
|
|
17
|
+
priority: startPriority++,
|
|
18
|
+
}, {
|
|
19
|
+
name: "BastionAllowsGatewayManagerInbound",
|
|
20
|
+
sourceAddressPrefix: "GatewayManager",
|
|
21
|
+
sourcePortRange: "*",
|
|
22
|
+
destinationAddressPrefix: "*",
|
|
23
|
+
destinationPortRange: "443",
|
|
24
|
+
protocol: "Tcp",
|
|
25
|
+
access: "Allow",
|
|
26
|
+
direction: "Inbound",
|
|
27
|
+
priority: startPriority++,
|
|
28
|
+
}, {
|
|
29
|
+
name: "BastionAllowsAzureBalancerInbound",
|
|
30
|
+
sourceAddressPrefix: "AzureLoadBalancer",
|
|
31
|
+
sourcePortRange: "*",
|
|
32
|
+
destinationAddressPrefix: "*",
|
|
33
|
+
destinationPortRange: "443",
|
|
34
|
+
protocol: "Tcp",
|
|
35
|
+
access: "Allow",
|
|
36
|
+
direction: "Inbound",
|
|
37
|
+
priority: startPriority++,
|
|
38
|
+
}, {
|
|
39
|
+
name: "BastionAllowsHostCommunicationInbound",
|
|
40
|
+
sourceAddressPrefix: "VirtualNetwork",
|
|
41
|
+
sourcePortRange: "*",
|
|
42
|
+
destinationAddressPrefix: "VirtualNetwork",
|
|
43
|
+
destinationPortRanges: ["8080", "5710"],
|
|
44
|
+
protocol: "*",
|
|
45
|
+
access: "Allow",
|
|
46
|
+
direction: "Inbound",
|
|
47
|
+
priority: startPriority++,
|
|
48
|
+
}, {
|
|
49
|
+
name: "BastionAllowsVmSshRdpInbound",
|
|
50
|
+
sourceAddressPrefix: bastionAddressPrefix,
|
|
51
|
+
sourcePortRange: "*",
|
|
52
|
+
destinationAddressPrefix: "VirtualNetwork",
|
|
53
|
+
destinationPortRanges: ["22", "3389"],
|
|
54
|
+
protocol: "*",
|
|
55
|
+
access: "Allow",
|
|
56
|
+
direction: "Inbound",
|
|
57
|
+
priority: startPriority++,
|
|
58
|
+
});
|
|
59
|
+
//Outbound
|
|
60
|
+
rs.push({
|
|
61
|
+
name: "BastionAllowsSshRdpOutbound",
|
|
62
|
+
sourceAddressPrefix: "*",
|
|
63
|
+
sourcePortRange: "*",
|
|
64
|
+
destinationAddressPrefix: "VirtualNetwork",
|
|
65
|
+
destinationPortRanges: ["22", "3389"],
|
|
66
|
+
protocol: "*",
|
|
67
|
+
access: "Allow",
|
|
68
|
+
direction: "Outbound",
|
|
69
|
+
priority: startPriority++,
|
|
70
|
+
}, {
|
|
71
|
+
name: "BastionAllowsAzureCloudOutbound",
|
|
72
|
+
sourceAddressPrefix: "*",
|
|
73
|
+
sourcePortRange: "*",
|
|
74
|
+
destinationAddressPrefix: "AzureCloud",
|
|
75
|
+
destinationPortRange: "443",
|
|
76
|
+
protocol: "Tcp",
|
|
77
|
+
access: "Allow",
|
|
78
|
+
direction: "Outbound",
|
|
79
|
+
priority: startPriority++,
|
|
80
|
+
}, {
|
|
81
|
+
name: "BastionAllowsCommunicationOutbound",
|
|
82
|
+
sourceAddressPrefix: "VirtualNetwork",
|
|
83
|
+
sourcePortRange: "*",
|
|
84
|
+
destinationAddressPrefix: "VirtualNetwork",
|
|
85
|
+
destinationPortRanges: ["8080", "5710"],
|
|
86
|
+
protocol: "Tcp",
|
|
87
|
+
access: "Allow",
|
|
88
|
+
direction: "Outbound",
|
|
89
|
+
priority: startPriority++,
|
|
90
|
+
});
|
|
91
|
+
return rs;
|
|
92
|
+
};
|
|
93
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQmFzdGlvblNlY3VyaXR5UnVsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9WTmV0L05TR1J1bGVzL0Jhc3Rpb25TZWN1cml0eVJ1bGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFRQSwyQ0FBMkM7QUFDM0MsOERBQThEO0FBQzlELGtCQUFlLENBQUMsRUFDZCxvQkFBb0IsRUFDcEIsaUJBQWlCLEVBQ2pCLGFBQWEsR0FBRyxJQUFJLEdBQ2QsRUFBRSxFQUFFO0lBQ1YsTUFBTSxFQUFFLEdBQUcsSUFBSSxLQUFLLEVBQTBCLENBQUM7SUFDL0MsU0FBUztJQUNULEVBQUUsQ0FBQyxJQUFJLENBQ0w7UUFDRSxJQUFJLEVBQUUsMkJBQTJCO1FBQ2pDLG1CQUFtQixFQUFFLFVBQVU7UUFDL0IsZUFBZSxFQUFFLEdBQUc7UUFDcEIsd0JBQXdCLEVBQUUsb0JBQW9CO1FBQzlDLG9CQUFvQixFQUFFLEtBQUs7UUFDM0IsUUFBUSxFQUFFLEtBQUs7UUFDZixNQUFNLEVBQUUsT0FBTztRQUNmLFNBQVMsRUFBRSxTQUFTO1FBQ3BCLFFBQVEsRUFBRSxhQUFhLEVBQUU7S0FDMUIsRUFDRDtRQUNFLElBQUksRUFBRSxvQ0FBb0M7UUFDMUMsbUJBQW1CLEVBQUUsZ0JBQWdCO1FBQ3JDLGVBQWUsRUFBRSxHQUFHO1FBQ3BCLHdCQUF3QixFQUFFLEdBQUc7UUFDN0Isb0JBQW9CLEVBQUUsS0FBSztRQUMzQixRQUFRLEVBQUUsS0FBSztRQUNmLE1BQU0sRUFBRSxPQUFPO1FBQ2YsU0FBUyxFQUFFLFNBQVM7UUFDcEIsUUFBUSxFQUFFLGFBQWEsRUFBRTtLQUMxQixFQUNEO1FBQ0UsSUFBSSxFQUFFLG1DQUFtQztRQUN6QyxtQkFBbUIsRUFBRSxtQkFBbUI7UUFDeEMsZUFBZSxFQUFFLEdBQUc7UUFDcEIsd0JBQXdCLEVBQUUsR0FBRztRQUM3QixvQkFBb0IsRUFBRSxLQUFLO1FBQzNCLFFBQVEsRUFBRSxLQUFLO1FBQ2YsTUFBTSxFQUFFLE9BQU87UUFDZixTQUFTLEVBQUUsU0FBUztRQUNwQixRQUFRLEVBQUUsYUFBYSxFQUFFO0tBQzFCLEVBQ0Q7UUFDRSxJQUFJLEVBQUUsdUNBQXVDO1FBQzdDLG1CQUFtQixFQUFFLGdCQUFnQjtRQUNyQyxlQUFlLEVBQUUsR0FBRztRQUNwQix3QkFBd0IsRUFBRSxnQkFBZ0I7UUFDMUMscUJBQXFCLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBQ3ZDLFFBQVEsRUFBRSxHQUFHO1FBQ2IsTUFBTSxFQUFFLE9BQU87UUFDZixTQUFTLEVBQUUsU0FBUztRQUNwQixRQUFRLEVBQUUsYUFBYSxFQUFFO0tBQzFCLEVBQ0Q7UUFDRSxJQUFJLEVBQUUsOEJBQThCO1FBQ3BDLG1CQUFtQixFQUFFLG9CQUFvQjtRQUN6QyxlQUFlLEVBQUUsR0FBRztRQUNwQix3QkFBd0IsRUFBRSxnQkFBZ0I7UUFDMUMscUJBQXFCLEVBQUUsQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDO1FBQ3JDLFFBQVEsRUFBRSxHQUFHO1FBQ2IsTUFBTSxFQUFFLE9BQU87UUFDZixTQUFTLEVBQUUsU0FBUztRQUNwQixRQUFRLEVBQUUsYUFBYSxFQUFFO0tBQzFCLENBQ0YsQ0FBQztJQUVGLFVBQVU7SUFDVixFQUFFLENBQUMsSUFBSSxDQUNMO1FBQ0UsSUFBSSxFQUFFLDZCQUE2QjtRQUNuQyxtQkFBbUIsRUFBRSxHQUFHO1FBQ3hCLGVBQWUsRUFBRSxHQUFHO1FBQ3BCLHdCQUF3QixFQUFFLGdCQUFnQjtRQUMxQyxxQkFBcUIsRUFBRSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUM7UUFDckMsUUFBUSxFQUFFLEdBQUc7UUFDYixNQUFNLEVBQUUsT0FBTztRQUNmLFNBQVMsRUFBRSxVQUFVO1FBQ3JCLFFBQVEsRUFBRSxhQUFhLEVBQUU7S0FDMUIsRUFDRDtRQUNFLElBQUksRUFBRSxpQ0FBaUM7UUFDdkMsbUJBQW1CLEVBQUUsR0FBRztRQUN4QixlQUFlLEVBQUUsR0FBRztRQUNwQix3QkFBd0IsRUFBRSxZQUFZO1FBQ3RDLG9CQUFvQixFQUFFLEtBQUs7UUFDM0IsUUFBUSxFQUFFLEtBQUs7UUFDZixNQUFNLEVBQUUsT0FBTztRQUNmLFNBQVMsRUFBRSxVQUFVO1FBQ3JCLFFBQVEsRUFBRSxhQUFhLEVBQUU7S0FDMUIsRUFDRDtRQUNFLElBQUksRUFBRSxvQ0FBb0M7UUFDMUMsbUJBQW1CLEVBQUUsZ0JBQWdCO1FBQ3JDLGVBQWUsRUFBRSxHQUFHO1FBQ3BCLHdCQUF3QixFQUFFLGdCQUFnQjtRQUMxQyxxQkFBcUIsRUFBRSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUM7UUFDdkMsUUFBUSxFQUFFLEtBQUs7UUFDZixNQUFNLEVBQUUsT0FBTztRQUNmLFNBQVMsRUFBRSxVQUFVO1FBQ3JCLFFBQVEsRUFBRSxhQUFhLEVBQUU7S0FDMUIsQ0FZRixDQUFDO0lBQ0YsT0FBTyxFQUFFLENBQUM7QUFDWixDQUFDLENBQUMifQ==
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { BasicResourceArgs } from "../types";
|
|
2
|
+
import { Input } from "@pulumi/pulumi";
|
|
3
|
+
interface NatGatewayProps extends BasicResourceArgs {
|
|
4
|
+
/** the list of public ip address IDs */
|
|
5
|
+
publicIpAddresses?: Input<string>[];
|
|
6
|
+
/** the list of public ip address prefix IDs */
|
|
7
|
+
publicIpPrefixes?: Input<string>[];
|
|
8
|
+
}
|
|
9
|
+
declare const _default: ({ name, group, publicIpPrefixes, publicIpAddresses, dependsOn, }: NatGatewayProps) => import("@pulumi/azure-native/network/natGateway").NatGateway;
|
|
10
|
+
export default _default;
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const network = require("@pulumi/azure-native/network");
|
|
4
|
+
const Naming_1 = require("../Common/Naming");
|
|
5
|
+
exports.default = ({ name, group, publicIpPrefixes, publicIpAddresses, dependsOn, }) => {
|
|
6
|
+
if (!publicIpAddresses && !publicIpPrefixes)
|
|
7
|
+
throw new Error("Either 'publicIpAddresses' or 'publicIpPrefixes' must be provided.");
|
|
8
|
+
name = (0, Naming_1.getNatGatewayName)(name);
|
|
9
|
+
return new network.NatGateway(name, {
|
|
10
|
+
...group,
|
|
11
|
+
natGatewayName: name,
|
|
12
|
+
publicIpAddresses: publicIpAddresses?.map((id) => ({ id })),
|
|
13
|
+
publicIpPrefixes: publicIpPrefixes?.map((id) => ({ id })),
|
|
14
|
+
//refer this https://learn.microsoft.com/en-us/azure/nat-gateway/nat-availability-zones
|
|
15
|
+
//zones: isPrd ? ["1", "2", "3"] : undefined,
|
|
16
|
+
sku: {
|
|
17
|
+
name: network.NatGatewaySkuName.Standard,
|
|
18
|
+
},
|
|
19
|
+
}, { dependsOn });
|
|
20
|
+
};
|
|
21
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTmF0R2F0ZXdheS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9WTmV0L05hdEdhdGV3YXkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSx3REFBd0Q7QUFHeEQsNkNBQXFEO0FBVXJELGtCQUFlLENBQUMsRUFDZCxJQUFJLEVBQ0osS0FBSyxFQUNMLGdCQUFnQixFQUNoQixpQkFBaUIsRUFDakIsU0FBUyxHQUNPLEVBQUUsRUFBRTtJQUNwQixJQUFJLENBQUMsaUJBQWlCLElBQUksQ0FBQyxnQkFBZ0I7UUFDekMsTUFBTSxJQUFJLEtBQUssQ0FDYixvRUFBb0UsQ0FDckUsQ0FBQztJQUVKLElBQUksR0FBRyxJQUFBLDBCQUFpQixFQUFDLElBQUksQ0FBQyxDQUFDO0lBQy9CLE9BQU8sSUFBSSxPQUFPLENBQUMsVUFBVSxDQUMzQixJQUFJLEVBQ0o7UUFDRSxHQUFHLEtBQUs7UUFDUixjQUFjLEVBQUUsSUFBSTtRQUNwQixpQkFBaUIsRUFBRSxpQkFBaUIsRUFBRSxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzNELGdCQUFnQixFQUFFLGdCQUFnQixFQUFFLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDekQsdUZBQXVGO1FBQ3ZGLDZDQUE2QztRQUM3QyxHQUFHLEVBQUU7WUFDSCxJQUFJLEVBQUUsT0FBTyxDQUFDLGlCQUFpQixDQUFDLFFBQVE7U0FDekM7S0FDRixFQUNELEVBQUUsU0FBUyxFQUFFLENBQ2QsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
|
package/VNet/NetworkPeering.d.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { Input } from
|
|
1
|
+
import { Input } from "@pulumi/pulumi";
|
|
2
|
+
import { VnetInfoType } from "./types";
|
|
3
|
+
export type PeeringDirectionType = "Unidirectional" | "Bidirectional";
|
|
2
4
|
export interface VNetPeeringProps {
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
secondVNetName: Input<string>;
|
|
7
|
-
secondVNetResourceGroupName: Input<string>;
|
|
5
|
+
firstVnet: Input<VnetInfoType>;
|
|
6
|
+
secondVnet: Input<VnetInfoType>;
|
|
7
|
+
direction?: PeeringDirectionType;
|
|
8
8
|
}
|
|
9
|
-
declare const _default: ({
|
|
9
|
+
declare const _default: ({ direction, firstVnet, secondVnet, }: VNetPeeringProps) => void;
|
|
10
10
|
export default _default;
|
package/VNet/NetworkPeering.js
CHANGED
|
@@ -2,28 +2,37 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const StackEnv_1 = require("../Common/StackEnv");
|
|
4
4
|
const network = require("@pulumi/azure-native/network");
|
|
5
|
-
const AzureEnv_1 = require("../Common/AzureEnv");
|
|
6
5
|
const pulumi_1 = require("@pulumi/pulumi");
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
virtualNetworkName: firstVNetName,
|
|
11
|
-
resourceGroupName: firstVNetResourceGroupName,
|
|
12
|
-
allowForwardedTraffic: true,
|
|
13
|
-
allowVirtualNetworkAccess: true,
|
|
14
|
-
remoteVirtualNetwork: {
|
|
15
|
-
id: (0, pulumi_1.interpolate) `/subscriptions/${AzureEnv_1.subscriptionId}/resourceGroups/${secondVNetResourceGroupName}/providers/Microsoft.Network/virtualNetworks/${secondVNetName}`,
|
|
16
|
-
},
|
|
17
|
-
});
|
|
18
|
-
new network.VirtualNetworkPeering(`${StackEnv_1.stack}-${name}-second-vlk`, {
|
|
19
|
-
virtualNetworkPeeringName: `${StackEnv_1.stack}-${name}-second-vlk`,
|
|
20
|
-
virtualNetworkName: secondVNetName,
|
|
21
|
-
resourceGroupName: secondVNetResourceGroupName,
|
|
6
|
+
const AzureEnv_1 = require("../Common/AzureEnv");
|
|
7
|
+
exports.default = ({ direction = "Unidirectional", firstVnet, secondVnet, }) => {
|
|
8
|
+
const commonProps = {
|
|
22
9
|
allowForwardedTraffic: true,
|
|
23
10
|
allowVirtualNetworkAccess: true,
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
11
|
+
allowGatewayTransit: true,
|
|
12
|
+
syncRemoteAddressSpace: "true",
|
|
13
|
+
useRemoteGateways: false,
|
|
14
|
+
doNotVerifyRemoteGateways: true,
|
|
15
|
+
};
|
|
16
|
+
(0, pulumi_1.all)([firstVnet, secondVnet]).apply(([first, second]) => {
|
|
17
|
+
new network.VirtualNetworkPeering(`${StackEnv_1.stack}-${first.vnetName}-${second.vnetName}-vlk`, {
|
|
18
|
+
...commonProps,
|
|
19
|
+
virtualNetworkPeeringName: `${StackEnv_1.stack}-${first.vnetName}-${second.vnetName}-vlk`,
|
|
20
|
+
virtualNetworkName: first.vnetName,
|
|
21
|
+
resourceGroupName: first.resourceGroupName,
|
|
22
|
+
remoteVirtualNetwork: {
|
|
23
|
+
id: (0, pulumi_1.interpolate) `/subscriptions/${second.subscriptionId ?? AzureEnv_1.subscriptionId}/resourceGroups/${second.resourceGroupName}/providers/Microsoft.Network/virtualNetworks/${second.vnetName}`,
|
|
24
|
+
},
|
|
25
|
+
}, { deleteBeforeReplace: true });
|
|
26
|
+
if (direction === "Bidirectional")
|
|
27
|
+
new network.VirtualNetworkPeering(`${StackEnv_1.stack}-${second.vnetName}-${first.vnetName}-vlk`, {
|
|
28
|
+
...commonProps,
|
|
29
|
+
virtualNetworkPeeringName: `${StackEnv_1.stack}-${second.vnetName}-${first.vnetName}-vlk`,
|
|
30
|
+
virtualNetworkName: second.vnetName,
|
|
31
|
+
resourceGroupName: second.resourceGroupName,
|
|
32
|
+
remoteVirtualNetwork: {
|
|
33
|
+
id: (0, pulumi_1.interpolate) `/subscriptions/${first.subscriptionId ?? AzureEnv_1.subscriptionId}/resourceGroups/${first.resourceGroupName}/providers/Microsoft.Network/virtualNetworks/${first.vnetName}`,
|
|
34
|
+
},
|
|
35
|
+
}, { deleteBeforeReplace: true });
|
|
27
36
|
});
|
|
28
37
|
};
|
|
29
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
38
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTmV0d29ya1BlZXJpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvVk5ldC9OZXR3b3JrUGVlcmluZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLGlEQUEyQztBQUMzQyx3REFBd0Q7QUFDeEQsMkNBQXlEO0FBR3pELGlEQUFvRDtBQVVwRCxrQkFBZSxDQUFDLEVBQ2QsU0FBUyxHQUFHLGdCQUFnQixFQUM1QixTQUFTLEVBQ1QsVUFBVSxHQUNPLEVBQUUsRUFBRTtJQUNyQixNQUFNLFdBQVcsR0FBdUM7UUFDdEQscUJBQXFCLEVBQUUsSUFBSTtRQUMzQix5QkFBeUIsRUFBRSxJQUFJO1FBQy9CLG1CQUFtQixFQUFFLElBQUk7UUFDekIsc0JBQXNCLEVBQUUsTUFBTTtRQUM5QixpQkFBaUIsRUFBRSxLQUFLO1FBQ3hCLHlCQUF5QixFQUFFLElBQUk7S0FDaEMsQ0FBQztJQUVGLElBQUEsWUFBRyxFQUFDLENBQUMsU0FBUyxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLEVBQUUsRUFBRTtRQUNyRCxJQUFJLE9BQU8sQ0FBQyxxQkFBcUIsQ0FDL0IsR0FBRyxnQkFBSyxJQUFJLEtBQUssQ0FBQyxRQUFRLElBQUksTUFBTSxDQUFDLFFBQVEsTUFBTSxFQUNuRDtZQUNFLEdBQUcsV0FBVztZQUNkLHlCQUF5QixFQUFFLEdBQUcsZ0JBQUssSUFBSSxLQUFLLENBQUMsUUFBUSxJQUFJLE1BQU0sQ0FBQyxRQUFRLE1BQU07WUFDOUUsa0JBQWtCLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDbEMsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtZQUMxQyxvQkFBb0IsRUFBRTtnQkFDcEIsRUFBRSxFQUFFLElBQUEsb0JBQVcsRUFBQSxrQkFBa0IsTUFBTSxDQUFDLGNBQWMsSUFBSSx5QkFBYyxtQkFBbUIsTUFBTSxDQUFDLGlCQUFpQixnREFBZ0QsTUFBTSxDQUFDLFFBQVEsRUFBRTthQUNyTDtTQUNGLEVBQ0QsRUFBRSxtQkFBbUIsRUFBRSxJQUFJLEVBQUUsQ0FDOUIsQ0FBQztRQUVGLElBQUksU0FBUyxLQUFLLGVBQWU7WUFDL0IsSUFBSSxPQUFPLENBQUMscUJBQXFCLENBQy9CLEdBQUcsZ0JBQUssSUFBSSxNQUFNLENBQUMsUUFBUSxJQUFJLEtBQUssQ0FBQyxRQUFRLE1BQU0sRUFDbkQ7Z0JBQ0UsR0FBRyxXQUFXO2dCQUNkLHlCQUF5QixFQUFFLEdBQUcsZ0JBQUssSUFBSSxNQUFNLENBQUMsUUFBUSxJQUFJLEtBQUssQ0FBQyxRQUFRLE1BQU07Z0JBQzlFLGtCQUFrQixFQUFFLE1BQU0sQ0FBQyxRQUFRO2dCQUNuQyxpQkFBaUIsRUFBRSxNQUFNLENBQUMsaUJBQWlCO2dCQUMzQyxvQkFBb0IsRUFBRTtvQkFDcEIsRUFBRSxFQUFFLElBQUEsb0JBQVcsRUFBQSxrQkFBa0IsS0FBSyxDQUFDLGNBQWMsSUFBSSx5QkFBYyxtQkFBbUIsS0FBSyxDQUFDLGlCQUFpQixnREFBZ0QsS0FBSyxDQUFDLFFBQVEsRUFBRTtpQkFDbEw7YUFDRixFQUNELEVBQUUsbUJBQW1CLEVBQUUsSUFBSSxFQUFFLENBQzlCLENBQUM7SUFDTixDQUFDLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQyJ9
|