@drunk-pulumi/azure 0.0.37 → 0.0.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Aks/Helper.d.ts +6 -11
- package/Aks/Helper.js +40 -65
- package/Aks/Identity.d.ts +3 -10
- package/Aks/Identity.js +9 -8
- package/Aks/index.d.ts +67 -71
- package/Aks/index.js +198 -314
- package/Apim/ApiProduct/PolicyBuilder.js +25 -27
- package/Apim/ApiProduct/SwaggerHelper.js +1 -3
- package/Apim/ApiProduct/index.d.ts +3 -3
- package/Apim/ApiProduct/index.js +1 -2
- package/Automation/index.d.ts +7 -0
- package/Automation/index.js +55 -0
- package/AzAd/EnvRoles.Consts.d.ts +12 -0
- package/AzAd/EnvRoles.Consts.js +125 -0
- package/AzAd/EnvRoles.d.ts +16 -15
- package/AzAd/EnvRoles.js +69 -47
- package/AzAd/GraphDefinition.d.ts +2 -2
- package/AzAd/GraphDefinition.js +3055 -3056
- package/AzAd/Helper.d.ts +24 -13
- package/AzAd/Helper.js +98 -25
- package/AzAd/Identities/AzDevOpsIdentity.d.ts +12 -0
- package/AzAd/Identities/AzDevOpsIdentity.js +32 -0
- package/AzAd/Identities/AzDevOpsManagedIdentity.d.ts +7 -0
- package/AzAd/Identities/AzDevOpsManagedIdentity.js +15 -0
- package/AzAd/Identities/AzUserAdRevertSync.d.ts +2 -9
- package/AzAd/Identities/AzUserAdRevertSync.js +4 -5
- package/AzAd/Identities/index.d.ts +3 -0
- package/AzAd/Identities/index.js +10 -0
- package/AzAd/Identity.d.ts +10 -22
- package/AzAd/Identity.js +50 -61
- package/AzAd/Role.d.ts +2 -3
- package/AzAd/Role.js +4 -5
- package/AzAd/RoleAssignment.d.ts +34 -5
- package/AzAd/RoleAssignment.js +2 -2
- package/AzAd/RoleDefinitions/JustInTimeRequestRole.d.ts +2 -0
- package/AzAd/RoleDefinitions/JustInTimeRequestRole.js +25 -0
- package/AzAd/RolesBuiltIn.d.ts +29 -0
- package/AzAd/RolesBuiltIn.js +13034 -8058
- package/AzAd/UserAssignedIdentity.d.ts +6 -0
- package/AzAd/UserAssignedIdentity.js +27 -0
- package/Builder/AksBuilder.d.ts +3 -0
- package/Builder/AksBuilder.js +95 -0
- package/Builder/VnetBuilder.d.ts +3 -0
- package/Builder/VnetBuilder.js +279 -0
- package/Builder/index.d.ts +2 -0
- package/Builder/index.js +8 -0
- package/Builder/types.d.ts +120 -0
- package/Builder/types.js +18 -0
- package/Certificate/index.d.ts +1 -1
- package/Certificate/index.js +26 -28
- package/Common/AutoTags.js +2 -2
- package/Common/AzureEnv.d.ts +4 -3
- package/Common/AzureEnv.js +31 -24
- package/Common/GlobalEnv.d.ts +1 -2
- package/Common/GlobalEnv.js +7 -7
- package/Common/Location.d.ts +3 -3
- package/Common/Location.js +22 -9
- package/Common/LocationBuiltIn.d.ts +6 -81
- package/Common/LocationBuiltIn.js +491 -1923
- package/Common/Naming/index.d.ts +6 -4
- package/Common/Naming/index.js +64 -60
- package/Common/ResourceEnv.d.ts +2 -2
- package/Common/ResourceEnv.js +11 -10
- package/Common/StackEnv.js +2 -9
- package/Core/KeyGenetators.d.ts +16 -20
- package/Core/KeyGenetators.js +17 -16
- package/Core/Random.d.ts +4 -4
- package/Core/Random.js +10 -10
- package/Core/ResourceGroup.d.ts +12 -6
- package/Core/ResourceGroup.js +12 -24
- package/IOT/Hub/index.d.ts +4 -8
- package/IOT/Hub/index.js +19 -54
- package/KeyVault/Helper.d.ts +8 -6
- package/KeyVault/Helper.js +13 -19
- package/KeyVault/index.d.ts +1 -3
- package/KeyVault/index.js +2 -26
- package/Logs/Helpers.d.ts +35 -25
- package/Logs/Helpers.js +33 -20
- package/Logs/LogAnalytics.d.ts +2 -2
- package/Logs/LogAnalytics.js +15 -6
- package/Logs/index.d.ts +3 -3
- package/Logs/index.js +4 -4
- package/MySql/index.d.ts +2 -3
- package/MySql/index.js +16 -19
- package/{ReadMe.md → README.md} +6 -1
- package/Sql/index.d.ts +15 -9
- package/Sql/index.js +39 -41
- package/Storage/CdnEndpoint.d.ts +2 -2
- package/Storage/CdnEndpoint.js +14 -15
- package/Storage/Helper.d.ts +2 -2
- package/Storage/Helper.js +6 -6
- package/Storage/ManagementRules.d.ts +5 -23
- package/Storage/ManagementRules.js +3 -3
- package/Storage/index.d.ts +3 -3
- package/Storage/index.js +28 -28
- package/VM/AzureDevOpsExtension.d.ts +16 -0
- package/VM/AzureDevOpsExtension.js +14 -0
- package/VM/Extension.d.ts +15 -0
- package/VM/Extension.js +13 -0
- package/VM/GlobalSchedule.d.ts +10 -0
- package/VM/GlobalSchedule.js +20 -0
- package/VM/index.d.ts +18 -18
- package/VM/index.js +94 -57
- package/VNet/Bastion.d.ts +4 -4
- package/VNet/Bastion.js +12 -8
- package/VNet/Firewall.d.ts +19 -12
- package/VNet/Firewall.js +59 -40
- package/VNet/FirewallPolicies/AksFirewallPolicy.d.ts +16 -16
- package/VNet/FirewallPolicies/AksFirewallPolicy.js +193 -220
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.d.ts +12 -10
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.js +170 -282
- package/VNet/FirewallPolicies/DefaultFirewallPolicy.d.ts +3 -0
- package/VNet/FirewallPolicies/DefaultFirewallPolicy.js +25 -0
- package/VNet/FirewallPolicies/index.d.ts +4 -0
- package/VNet/FirewallPolicies/index.js +10 -0
- package/VNet/FirewallPolicy.d.ts +14 -11
- package/VNet/FirewallPolicy.js +67 -74
- package/VNet/FirewallRules/AksFirewallRules.d.ts +4 -3
- package/VNet/FirewallRules/AksFirewallRules.js +101 -100
- package/VNet/Helper.d.ts +8 -4
- package/VNet/Helper.js +42 -35
- package/VNet/IpAddress.d.ts +6 -8
- package/VNet/IpAddress.js +6 -11
- package/VNet/IpAddressPrefix.d.ts +12 -9
- package/VNet/IpAddressPrefix.js +14 -13
- package/VNet/NSGRules/AppGatewaySecurityRule.d.ts +9 -0
- package/VNet/NSGRules/AppGatewaySecurityRule.js +46 -0
- package/VNet/NSGRules/AzADSecurityRule.d.ts +6 -0
- package/VNet/NSGRules/AzADSecurityRule.js +39 -0
- package/VNet/NSGRules/BastionSecurityRule.d.ts +9 -0
- package/VNet/NSGRules/BastionSecurityRule.js +93 -0
- package/VNet/NatGateway.d.ts +10 -0
- package/VNet/NatGateway.js +21 -0
- package/VNet/NetworkPeering.d.ts +7 -7
- package/VNet/NetworkPeering.js +29 -20
- package/VNet/PrivateDns.d.ts +8 -10
- package/VNet/PrivateDns.js +12 -14
- package/VNet/PrivateEndpoint.js +5 -2
- package/VNet/RouteTable.d.ts +7 -8
- package/VNet/RouteTable.js +6 -6
- package/VNet/SecurityGroup.d.ts +4 -4
- package/VNet/SecurityGroup.js +7 -3
- package/VNet/Subnet.d.ts +10 -7
- package/VNet/Subnet.js +4 -3
- package/VNet/VPNGateway.d.ts +13 -0
- package/VNet/VPNGateway.js +73 -0
- package/VNet/VirtualWAN.d.ts +7 -10
- package/VNet/VirtualWAN.js +1 -1
- package/VNet/Vnet.d.ts +29 -23
- package/VNet/Vnet.js +58 -121
- package/VNet/index.d.ts +17 -18
- package/VNet/index.js +41 -54
- package/VNet/types.d.ts +94 -0
- package/VNet/types.js +3 -0
- package/Web/types.d.ts +2 -134
- package/package.json +8 -8
- package/types.d.ts +22 -8
- package/z_tests/_tools/Mocks.js +12 -13
- package/Automation/AutoAccount.d.ts +0 -5
- package/Automation/AutoAccount.js +0 -18
- package/AzAd/Identities/AzDevOps.d.ts +0 -23
- package/AzAd/Identities/AzDevOps.js +0 -61
- package/AzAd/KeyVaultRoles.d.ts +0 -8
- package/AzAd/KeyVaultRoles.js +0 -53
- package/AzAd/ManagedIdentity.d.ts +0 -6
- package/AzAd/ManagedIdentity.js +0 -20
- package/AzAd/UserIdentity.d.ts +0 -5
- package/AzAd/UserIdentity.js +0 -12
- package/Common/Naming/AzureRegions.d.ts +0 -4
- package/Common/Naming/AzureRegions.js +0 -49
- package/KeyVault/VaultPermissions.d.ts +0 -27
- package/KeyVault/VaultPermissions.js +0 -226
- package/VNet/FirewallRules/types.d.ts +0 -20
- package/VNet/FirewallRules/types.js +0 -5
- package/VNet/NSGRules/AzADService.d.ts +0 -10
- package/VNet/NSGRules/AzADService.js +0 -45
package/VNet/FirewallPolicy.js
CHANGED
|
@@ -1,93 +1,87 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.FirewallPolicyGroup = exports.linkRulesToPolicy = void 0;
|
|
4
4
|
const network = require("@pulumi/azure-native/network");
|
|
5
5
|
const types_1 = require("@pulumi/azure-native/types");
|
|
6
6
|
const Naming_1 = require("../Common/Naming");
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
const
|
|
20
|
-
const
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
action: {
|
|
28
|
-
type: types_1.enums.network.FirewallPolicyNatRuleCollectionActionType.DNAT,
|
|
29
|
-
},
|
|
30
|
-
ruleCollectionType: 'FirewallPolicyNatRuleCollection',
|
|
31
|
-
rules: r.dnatRules,
|
|
32
|
-
});
|
|
33
|
-
}
|
|
34
|
-
if (r.networkRules && r.networkRules.length > 0) {
|
|
35
|
-
ruleCollections.push({
|
|
36
|
-
name: `${r.name}-net`,
|
|
37
|
-
priority: i + p++,
|
|
38
|
-
action: {
|
|
39
|
-
type: types_1.enums.network.FirewallPolicyFilterRuleCollectionActionType
|
|
40
|
-
.Allow,
|
|
41
|
-
},
|
|
42
|
-
ruleCollectionType: 'FirewallPolicyFilterRuleCollection',
|
|
43
|
-
rules: r.networkRules,
|
|
44
|
-
});
|
|
45
|
-
}
|
|
46
|
-
if (r.applicationRules && r.applicationRules.length > 0) {
|
|
47
|
-
ruleCollections.push({
|
|
48
|
-
name: `${r.name}-app`,
|
|
49
|
-
priority: i + 200 + p++,
|
|
50
|
-
action: {
|
|
51
|
-
type: types_1.enums.network.FirewallPolicyFilterRuleCollectionActionType
|
|
52
|
-
.Allow,
|
|
53
|
-
},
|
|
54
|
-
ruleCollectionType: 'FirewallPolicyFilterRuleCollection',
|
|
55
|
-
rules: r.applicationRules,
|
|
56
|
-
});
|
|
57
|
-
}
|
|
58
|
-
});
|
|
59
|
-
if (enableDenyOtherAppRule) {
|
|
60
|
-
//Denied others
|
|
61
|
-
ruleCollections.push({
|
|
62
|
-
name: `${name}-deny-others`,
|
|
63
|
-
priority: 6001,
|
|
7
|
+
const linkRulesToPolicy = ({ firewallPolicyName, group, rules, dependsOn, }) => rules
|
|
8
|
+
.sort((a, b) => a.priority - b.priority)
|
|
9
|
+
.map((p) => {
|
|
10
|
+
const gr = new network.FirewallPolicyRuleCollectionGroup(p.name, {
|
|
11
|
+
...group,
|
|
12
|
+
...p,
|
|
13
|
+
firewallPolicyName,
|
|
14
|
+
}, { dependsOn });
|
|
15
|
+
dependsOn = gr;
|
|
16
|
+
return gr;
|
|
17
|
+
});
|
|
18
|
+
exports.linkRulesToPolicy = linkRulesToPolicy;
|
|
19
|
+
const FirewallPolicyGroup = ({ policy, priority, action = types_1.enums.network.FirewallPolicyFilterRuleCollectionActionType.Allow, }) => {
|
|
20
|
+
const policyCollections = new Array();
|
|
21
|
+
// DNAT rules
|
|
22
|
+
let pStart = priority + 1;
|
|
23
|
+
if (policy.dnatRules && policy.dnatRules.length > 0) {
|
|
24
|
+
policyCollections.push({
|
|
25
|
+
name: `${policy.name}-dnat`,
|
|
26
|
+
priority: pStart++,
|
|
64
27
|
action: {
|
|
65
|
-
type: types_1.enums.network.
|
|
28
|
+
type: types_1.enums.network.FirewallPolicyNatRuleCollectionActionType.DNAT,
|
|
66
29
|
},
|
|
67
|
-
ruleCollectionType:
|
|
68
|
-
rules:
|
|
30
|
+
ruleCollectionType: "FirewallPolicyNatRuleCollection",
|
|
31
|
+
rules: policy.dnatRules,
|
|
69
32
|
});
|
|
70
33
|
}
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
34
|
+
// Network rules
|
|
35
|
+
if (policy.netRules && policy.netRules.length > 0) {
|
|
36
|
+
policyCollections.push({
|
|
37
|
+
name: `${policy.name}-net`,
|
|
38
|
+
priority: pStart++,
|
|
39
|
+
action: {
|
|
40
|
+
type: action,
|
|
41
|
+
},
|
|
42
|
+
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
|
|
43
|
+
rules: policy.netRules,
|
|
44
|
+
});
|
|
45
|
+
}
|
|
46
|
+
// Apps rules
|
|
47
|
+
if (policy.appRules && policy.appRules.length > 0) {
|
|
48
|
+
policyCollections.push({
|
|
49
|
+
name: `${policy.name}-app`,
|
|
50
|
+
priority: pStart++,
|
|
51
|
+
action: {
|
|
52
|
+
type: action,
|
|
53
|
+
},
|
|
54
|
+
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
|
|
55
|
+
rules: policy.appRules,
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
return {
|
|
59
|
+
name: `${policy.name}-grp`,
|
|
76
60
|
priority,
|
|
77
|
-
ruleCollections,
|
|
78
|
-
}
|
|
61
|
+
ruleCollections: policyCollections,
|
|
62
|
+
};
|
|
79
63
|
};
|
|
80
|
-
exports.
|
|
64
|
+
exports.FirewallPolicyGroup = FirewallPolicyGroup;
|
|
81
65
|
exports.default = ({ name, group, basePolicyId, dnsSettings, transportSecurityCA, insights, sku = types_1.enums.network.FirewallPolicySkuTier.Basic, dependsOn, }) => {
|
|
82
66
|
name = (0, Naming_1.getFirewallPolicyName)(name);
|
|
83
|
-
|
|
67
|
+
return new network.FirewallPolicy(name, {
|
|
84
68
|
firewallPolicyName: name,
|
|
85
69
|
...group,
|
|
86
70
|
sku: { tier: sku },
|
|
87
71
|
basePolicy: basePolicyId ? { id: basePolicyId } : undefined,
|
|
88
72
|
dnsSettings,
|
|
89
|
-
|
|
90
|
-
|
|
73
|
+
snat: {
|
|
74
|
+
//Auto learn need a Route Server
|
|
75
|
+
autoLearnPrivateRanges: "Enabled",
|
|
76
|
+
privateRanges: ["IANAPrivateRanges"],
|
|
77
|
+
},
|
|
78
|
+
sql: {
|
|
79
|
+
allowSqlRedirect: true,
|
|
80
|
+
},
|
|
81
|
+
threatIntelMode: sku !== types_1.enums.network.FirewallPolicySkuTier.Basic
|
|
82
|
+
? types_1.enums.network.AzureFirewallThreatIntelMode.Deny
|
|
83
|
+
: undefined,
|
|
84
|
+
transportSecurity: sku !== types_1.enums.network.FirewallPolicySkuTier.Basic && transportSecurityCA
|
|
91
85
|
? { certificateAuthority: transportSecurityCA }
|
|
92
86
|
: undefined,
|
|
93
87
|
insights: insights
|
|
@@ -103,6 +97,5 @@ exports.default = ({ name, group, basePolicyId, dnsSettings, transportSecurityCA
|
|
|
103
97
|
}
|
|
104
98
|
: undefined,
|
|
105
99
|
}, { dependsOn });
|
|
106
|
-
return policy;
|
|
107
100
|
};
|
|
108
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
101
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRmlyZXdhbGxQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvVk5ldC9GaXJld2FsbFBvbGljeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSx3REFBd0Q7QUFDeEQsc0RBQW9FO0FBT3BFLDZDQUF5RDtBQWFsRCxNQUFNLGlCQUFpQixHQUFHLENBQUMsRUFDaEMsa0JBQWtCLEVBQ2xCLEtBQUssRUFDTCxLQUFLLEVBQ0wsU0FBUyxHQUNRLEVBQUUsRUFBRSxDQUNyQixLQUFLO0tBQ0YsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUMsUUFBUSxDQUFDO0tBQ3ZDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFO0lBQ1QsTUFBTSxFQUFFLEdBQUcsSUFBSSxPQUFPLENBQUMsaUNBQWlDLENBQ3RELENBQUMsQ0FBQyxJQUFJLEVBQ047UUFDRSxHQUFHLEtBQUs7UUFDUixHQUFHLENBQUM7UUFDSixrQkFBa0I7S0FDbkIsRUFDRCxFQUFFLFNBQVMsRUFBRSxDQUNkLENBQUM7SUFDRixTQUFTLEdBQUcsRUFBRSxDQUFDO0lBQ2YsT0FBTyxFQUFFLENBQUM7QUFDWixDQUFDLENBQUMsQ0FBQztBQXBCTSxRQUFBLGlCQUFpQixxQkFvQnZCO0FBcUJBLE1BQU0sbUJBQW1CLEdBQUcsQ0FBQyxFQUNsQyxNQUFNLEVBQ04sUUFBUSxFQUNSLE1BQU0sR0FBRyxhQUFLLENBQUMsT0FBTyxDQUFDLDRDQUE0QyxDQUFDLEtBQUssR0FLMUUsRUFBdUMsRUFBRTtJQUN4QyxNQUFNLGlCQUFpQixHQUFHLElBQUksS0FBSyxFQUtoQyxDQUFDO0lBRUosYUFBYTtJQUNiLElBQUksTUFBTSxHQUFHLFFBQVEsR0FBRyxDQUFDLENBQUM7SUFDMUIsSUFBSSxNQUFNLENBQUMsU0FBUyxJQUFJLE1BQU0sQ0FBQyxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQ3BELGlCQUFpQixDQUFDLElBQUksQ0FBQztZQUNyQixJQUFJLEVBQUUsR0FBRyxNQUFNLENBQUMsSUFBSSxPQUFPO1lBQzNCLFFBQVEsRUFBRSxNQUFNLEVBQUU7WUFDbEIsTUFBTSxFQUFFO2dCQUNOLElBQUksRUFBRSxhQUFLLENBQUMsT0FBTyxDQUFDLHlDQUF5QyxDQUFDLElBQUk7YUFDbkU7WUFDRCxrQkFBa0IsRUFBRSxpQ0FBaUM7WUFDckQsS0FBSyxFQUFFLE1BQU0sQ0FBQyxTQUFTO1NBQ3hCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxnQkFBZ0I7SUFDaEIsSUFBSSxNQUFNLENBQUMsUUFBUSxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQ2xELGlCQUFpQixDQUFDLElBQUksQ0FBQztZQUNyQixJQUFJLEVBQUUsR0FBRyxNQUFNLENBQUMsSUFBSSxNQUFNO1lBQzFCLFFBQVEsRUFBRSxNQUFNLEVBQUU7WUFDbEIsTUFBTSxFQUFFO2dCQUNOLElBQUksRUFBRSxNQUFNO2FBQ2I7WUFDRCxrQkFBa0IsRUFBRSxvQ0FBb0M7WUFDeEQsS0FBSyxFQUFFLE1BQU0sQ0FBQyxRQUFRO1NBQ3ZCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxhQUFhO0lBQ2IsSUFBSSxNQUFNLENBQUMsUUFBUSxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQ2xELGlCQUFpQixDQUFDLElBQUksQ0FBQztZQUNyQixJQUFJLEVBQUUsR0FBRyxNQUFNLENBQUMsSUFBSSxNQUFNO1lBQzFCLFFBQVEsRUFBRSxNQUFNLEVBQUU7WUFDbEIsTUFBTSxFQUFFO2dCQUNOLElBQUksRUFBRSxNQUFNO2FBQ2I7WUFDRCxrQkFBa0IsRUFBRSxvQ0FBb0M7WUFDeEQsS0FBSyxFQUFFLE1BQU0sQ0FBQyxRQUFRO1NBQ3ZCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPO1FBQ0wsSUFBSSxFQUFFLEdBQUcsTUFBTSxDQUFDLElBQUksTUFBTTtRQUMxQixRQUFRO1FBQ1IsZUFBZSxFQUFFLGlCQUFpQjtLQUNuQyxDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBN0RXLFFBQUEsbUJBQW1CLHVCQTZEOUI7QUFFRixrQkFBZSxDQUFDLEVBQ2QsSUFBSSxFQUNKLEtBQUssRUFDTCxZQUFZLEVBQ1osV0FBVyxFQUNYLG1CQUFtQixFQUNuQixRQUFRLEVBQ1IsR0FBRyxHQUFHLGFBQUssQ0FBQyxPQUFPLENBQUMscUJBQXFCLENBQUMsS0FBSyxFQUMvQyxTQUFTLEdBQ0gsRUFBRSxFQUFFO0lBQ1YsSUFBSSxHQUFHLElBQUEsOEJBQXFCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFDbkMsT0FBTyxJQUFJLE9BQU8sQ0FBQyxjQUFjLENBQy9CLElBQUksRUFDSjtRQUNFLGtCQUFrQixFQUFFLElBQUk7UUFDeEIsR0FBRyxLQUFLO1FBQ1IsR0FBRyxFQUFFLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRTtRQUVsQixVQUFVLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUztRQUMzRCxXQUFXO1FBQ1gsSUFBSSxFQUFFO1lBQ0osZ0NBQWdDO1lBQ2hDLHNCQUFzQixFQUFFLFNBQVM7WUFDakMsYUFBYSxFQUFFLENBQUMsbUJBQW1CLENBQUM7U0FDckM7UUFDRCxHQUFHLEVBQUU7WUFDSCxnQkFBZ0IsRUFBRSxJQUFJO1NBQ3ZCO1FBRUQsZUFBZSxFQUNiLEdBQUcsS0FBSyxhQUFLLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDLEtBQUs7WUFDL0MsQ0FBQyxDQUFDLGFBQUssQ0FBQyxPQUFPLENBQUMsNEJBQTRCLENBQUMsSUFBSTtZQUNqRCxDQUFDLENBQUMsU0FBUztRQUVmLGlCQUFpQixFQUNmLEdBQUcsS0FBSyxhQUFLLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDLEtBQUssSUFBSSxtQkFBbUI7WUFDdEUsQ0FBQyxDQUFDLEVBQUUsb0JBQW9CLEVBQUUsbUJBQW1CLEVBQUU7WUFDL0MsQ0FBQyxDQUFDLFNBQVM7UUFFZixRQUFRLEVBQUUsUUFBUTtZQUNoQixDQUFDLENBQUM7Z0JBQ0UsU0FBUyxFQUFFLElBQUk7Z0JBQ2YscUJBQXFCLEVBQUU7b0JBQ3JCLGtCQUFrQixFQUFFLEVBQUUsRUFBRSxFQUFFLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRTtvQkFDdkQsVUFBVSxFQUFFLFFBQVEsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO3dCQUMxQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLE9BQU87d0JBQ2pCLFdBQVcsRUFBRSxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUMsV0FBVyxFQUFFO3FCQUNuQyxDQUFDLENBQUM7aUJBQ0o7YUFDRjtZQUNILENBQUMsQ0FBQyxTQUFTO0tBQ2QsRUFDRCxFQUFFLFNBQVMsRUFBRSxDQUNkLENBQUM7QUFDSixDQUFDLENBQUMifQ==
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { Input } from
|
|
2
|
-
import { FirewallRuleResults } from
|
|
1
|
+
import { Input } from "@pulumi/pulumi";
|
|
2
|
+
import { FirewallRuleResults } from "../types";
|
|
3
3
|
interface BasicRuleProps {
|
|
4
4
|
startPriority: number;
|
|
5
5
|
}
|
|
@@ -9,7 +9,8 @@ interface NatRuleProps extends BasicRuleProps {
|
|
|
9
9
|
{
|
|
10
10
|
name: string;
|
|
11
11
|
allowHttp?: boolean;
|
|
12
|
-
|
|
12
|
+
/** Default is '*' to allows all requests */
|
|
13
|
+
sourceIpAddress?: Input<string>;
|
|
13
14
|
internalIpAddress: Input<string>;
|
|
14
15
|
}
|
|
15
16
|
];
|
|
@@ -4,42 +4,42 @@ const types_1 = require("@pulumi/azure-native/types");
|
|
|
4
4
|
const getDnatRules = ({ startPriority, publicIpAddresses, dNATs, }) => {
|
|
5
5
|
const rules = new Array();
|
|
6
6
|
rules.push({
|
|
7
|
-
name:
|
|
7
|
+
name: "dnat-rules",
|
|
8
8
|
action: { type: types_1.enums.network.AzureFirewallNatRCActionType.Dnat },
|
|
9
9
|
priority: ++startPriority,
|
|
10
10
|
rules: dNATs.flatMap((nat) => {
|
|
11
11
|
const httpsRule = {
|
|
12
12
|
name: `${nat.name}-inbound-443`,
|
|
13
13
|
description: `Forward port 443 external IpAddress of ${nat.name} to internal IpAddress`,
|
|
14
|
-
sourceAddresses: [nat.
|
|
14
|
+
sourceAddresses: [nat.sourceIpAddress ?? "*"],
|
|
15
15
|
destinationAddresses: publicIpAddresses,
|
|
16
|
-
destinationPorts: [
|
|
17
|
-
protocols: [
|
|
16
|
+
destinationPorts: ["443"],
|
|
17
|
+
protocols: ["TCP"],
|
|
18
18
|
translatedAddress: nat.internalIpAddress,
|
|
19
|
-
translatedPort:
|
|
19
|
+
translatedPort: "443",
|
|
20
20
|
};
|
|
21
21
|
const httpRule = {
|
|
22
22
|
name: `${nat.name}-inbound-80`,
|
|
23
23
|
description: `Forward port 80 external IpAddress of ${nat.name} to internal IpAddress`,
|
|
24
|
-
sourceAddresses: [nat.
|
|
24
|
+
sourceAddresses: [nat.sourceIpAddress ?? "*"],
|
|
25
25
|
destinationAddresses: publicIpAddresses,
|
|
26
|
-
destinationPorts: [
|
|
27
|
-
protocols: [
|
|
26
|
+
destinationPorts: ["80"],
|
|
27
|
+
protocols: ["TCP"],
|
|
28
28
|
translatedAddress: nat.internalIpAddress,
|
|
29
|
-
translatedPort:
|
|
29
|
+
translatedPort: "80",
|
|
30
30
|
};
|
|
31
31
|
return nat.allowHttp ? [httpsRule, httpRule] : [httpsRule];
|
|
32
32
|
}),
|
|
33
33
|
});
|
|
34
34
|
return rules;
|
|
35
35
|
};
|
|
36
|
-
const getAksNetRules = ({ startPriority, location =
|
|
36
|
+
const getAksNetRules = ({ startPriority, location = "SoutheastAsia", vnetAddressSpace, }) => {
|
|
37
37
|
location = location.toLowerCase();
|
|
38
38
|
const rules = new Array();
|
|
39
39
|
//============= Standard Rules for AKS ================== //
|
|
40
40
|
//https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic
|
|
41
41
|
rules.push({
|
|
42
|
-
name:
|
|
42
|
+
name: "aks-net-rules",
|
|
43
43
|
action: { type: types_1.enums.network.AzureFirewallRCActionType.Allow },
|
|
44
44
|
priority: ++startPriority,
|
|
45
45
|
rules: [
|
|
@@ -53,30 +53,31 @@ const getAksNetRules = ({ startPriority, location = 'SoutheastAsia', vnetAddress
|
|
|
53
53
|
// destinationPorts: ['1194'],
|
|
54
54
|
// },
|
|
55
55
|
{
|
|
56
|
-
name:
|
|
57
|
-
description:
|
|
58
|
-
protocols: [
|
|
56
|
+
name: "aks-tcp",
|
|
57
|
+
description: "For tunneled secure communication between the nodes and the control plane for AzureCloud.SoutheastAsia",
|
|
58
|
+
protocols: ["TCP"],
|
|
59
59
|
sourceAddresses: vnetAddressSpace,
|
|
60
60
|
destinationAddresses: [`AzureCloud.${location}`],
|
|
61
|
-
destinationPorts: [
|
|
61
|
+
destinationPorts: ["443", "9000"],
|
|
62
62
|
},
|
|
63
63
|
{
|
|
64
|
-
name:
|
|
65
|
-
description:
|
|
66
|
-
protocols: [
|
|
64
|
+
name: "aks-time",
|
|
65
|
+
description: "Required for Network Time Protocol (NTP) time synchronization on Linux nodes.",
|
|
66
|
+
protocols: ["UDP"],
|
|
67
67
|
sourceAddresses: vnetAddressSpace,
|
|
68
|
-
destinationFqdns: [
|
|
69
|
-
destinationPorts: [
|
|
70
|
-
},
|
|
71
|
-
{
|
|
72
|
-
name: 'aks-time_others',
|
|
73
|
-
description: 'Required for Network Time Protocol (NTP) time synchronization on Linux nodes.',
|
|
74
|
-
protocols: ['UDP'],
|
|
75
|
-
sourceAddresses: vnetAddressSpace,
|
|
76
|
-
destinationAddresses: ['*'],
|
|
77
|
-
destinationPorts: ['123'],
|
|
68
|
+
destinationFqdns: ["ntp.ubuntu.com"],
|
|
69
|
+
destinationPorts: ["123"],
|
|
78
70
|
},
|
|
79
71
|
// {
|
|
72
|
+
// name: "aks-time_others",
|
|
73
|
+
// description:
|
|
74
|
+
// "Required for Network Time Protocol (NTP) time synchronization on Linux nodes.",
|
|
75
|
+
// protocols: ["UDP"],
|
|
76
|
+
// sourceAddresses: vnetAddressSpace,
|
|
77
|
+
// destinationAddresses: ["*"],
|
|
78
|
+
// destinationPorts: ["123"],
|
|
79
|
+
// },
|
|
80
|
+
// {
|
|
80
81
|
// name: 'aks-control-server',
|
|
81
82
|
// description:
|
|
82
83
|
// 'Required if running pods/deployments that access the API Server, those pods/deployments would use the API IP.',
|
|
@@ -86,33 +87,33 @@ const getAksNetRules = ({ startPriority, location = 'SoutheastAsia', vnetAddress
|
|
|
86
87
|
// destinationPorts: ['443', '10250', '10251'],
|
|
87
88
|
// },
|
|
88
89
|
{
|
|
89
|
-
name:
|
|
90
|
-
description:
|
|
91
|
-
protocols: [
|
|
90
|
+
name: "azure-services-tags",
|
|
91
|
+
description: "Allows internal services to connect to Azure Resources.",
|
|
92
|
+
protocols: ["TCP"],
|
|
92
93
|
sourceAddresses: vnetAddressSpace,
|
|
93
94
|
destinationAddresses: [
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
95
|
+
"AzureContainerRegistry.SoutheastAsia",
|
|
96
|
+
"MicrosoftContainerRegistry.SoutheastAsia",
|
|
97
|
+
"AzureActiveDirectory",
|
|
98
|
+
"AzureMonitor.SoutheastAsia",
|
|
99
|
+
"AppConfiguration",
|
|
100
|
+
"AzureKeyVault.SoutheastAsia",
|
|
100
101
|
//'AzureSignalR', This already using private endpoint
|
|
101
102
|
//'DataFactory.SoutheastAsia',
|
|
102
103
|
//'EventHub.SoutheastAsia',
|
|
103
|
-
|
|
104
|
+
"ServiceBus.SoutheastAsia",
|
|
104
105
|
//'Sql.SoutheastAsia', This already using private endpoint
|
|
105
|
-
|
|
106
|
+
"Storage.SoutheastAsia",
|
|
106
107
|
],
|
|
107
|
-
destinationPorts: [
|
|
108
|
+
destinationPorts: ["443"],
|
|
108
109
|
},
|
|
109
110
|
{
|
|
110
|
-
name:
|
|
111
|
-
description:
|
|
112
|
-
protocols: [
|
|
111
|
+
name: "others-dns",
|
|
112
|
+
description: "Others DNS.",
|
|
113
|
+
protocols: ["TCP", "UDP"],
|
|
113
114
|
sourceAddresses: vnetAddressSpace,
|
|
114
|
-
destinationAddresses: [
|
|
115
|
-
destinationPorts: [
|
|
115
|
+
destinationAddresses: ["*"],
|
|
116
|
+
destinationPorts: ["53"],
|
|
116
117
|
},
|
|
117
118
|
],
|
|
118
119
|
});
|
|
@@ -124,104 +125,104 @@ const getAksAppRules = ({ startPriority, vnetAddressSpace, }) => {
|
|
|
124
125
|
//https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic
|
|
125
126
|
//AzureKubernetesService
|
|
126
127
|
rules.push({
|
|
127
|
-
name:
|
|
128
|
+
name: "aks-services-fqdn-rules",
|
|
128
129
|
action: { type: types_1.enums.network.AzureFirewallRCActionType.Allow },
|
|
129
130
|
priority: ++startPriority,
|
|
130
131
|
rules: [
|
|
131
132
|
{
|
|
132
|
-
name:
|
|
133
|
-
description:
|
|
133
|
+
name: "aks-services",
|
|
134
|
+
description: "Allows pods to access AzureKubernetesService",
|
|
134
135
|
sourceAddresses: vnetAddressSpace,
|
|
135
136
|
//AzureKubernetesService is allow to access google.com
|
|
136
|
-
fqdnTags: [
|
|
137
|
+
fqdnTags: ["AzureKubernetesService"],
|
|
137
138
|
},
|
|
138
139
|
{
|
|
139
|
-
name:
|
|
140
|
-
description:
|
|
140
|
+
name: "aks-fqdn",
|
|
141
|
+
description: "Azure Global required FQDN",
|
|
141
142
|
sourceAddresses: vnetAddressSpace,
|
|
142
143
|
targetFqdns: [
|
|
143
144
|
//AKS mater
|
|
144
|
-
|
|
145
|
+
"*.hcp.southeastasia.azmk8s.io",
|
|
145
146
|
//Microsoft Container Registry
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
147
|
+
"mcr.microsoft.com",
|
|
148
|
+
"data.mcr.microsoft.com",
|
|
149
|
+
"*.data.mcr.microsoft.com",
|
|
149
150
|
//Azure management
|
|
150
|
-
|
|
151
|
-
|
|
151
|
+
"management.azure.com",
|
|
152
|
+
"login.microsoftonline.com",
|
|
152
153
|
//Microsoft trusted package repository
|
|
153
|
-
|
|
154
|
+
"packages.microsoft.com",
|
|
154
155
|
//Azure CDN
|
|
155
|
-
|
|
156
|
+
"acs-mirror.azureedge.net",
|
|
156
157
|
//CosmosDb
|
|
157
|
-
|
|
158
|
+
"*.documents.azure.com",
|
|
158
159
|
],
|
|
159
|
-
protocols: [{ protocolType:
|
|
160
|
+
protocols: [{ protocolType: "Https", port: 443 }],
|
|
160
161
|
},
|
|
161
162
|
{
|
|
162
|
-
name:
|
|
163
|
+
name: "azure-monitors",
|
|
163
164
|
sourceAddresses: vnetAddressSpace,
|
|
164
165
|
targetFqdns: [
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
166
|
+
"dc.services.visualstudio.com",
|
|
167
|
+
"*.ods.opinsights.azure.com",
|
|
168
|
+
"*.oms.opinsights.azure.com",
|
|
169
|
+
"*.monitoring.azure.com",
|
|
170
|
+
"*.services.visualstudio.com",
|
|
170
171
|
],
|
|
171
|
-
protocols: [{ protocolType:
|
|
172
|
+
protocols: [{ protocolType: "Https", port: 443 }],
|
|
172
173
|
},
|
|
173
174
|
{
|
|
174
|
-
name:
|
|
175
|
+
name: "azure-policy",
|
|
175
176
|
sourceAddresses: vnetAddressSpace,
|
|
176
177
|
targetFqdns: [
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
178
|
+
"*.policy.core.windows.net",
|
|
179
|
+
"gov-prod-policy-data.trafficmanager.net",
|
|
180
|
+
"raw.githubusercontent.com",
|
|
181
|
+
"dc.services.visualstudio.com",
|
|
181
182
|
],
|
|
182
|
-
protocols: [{ protocolType:
|
|
183
|
+
protocols: [{ protocolType: "Https", port: 443 }],
|
|
183
184
|
},
|
|
184
185
|
{
|
|
185
186
|
//TODO Allow Docker Access is potential risk once we have budget and able to upload external images to ACR then remove docker.
|
|
186
|
-
name:
|
|
187
|
+
name: "docker-services",
|
|
187
188
|
sourceAddresses: vnetAddressSpace,
|
|
188
189
|
targetFqdns: [
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
190
|
+
"quay.io", //For Cert Manager
|
|
191
|
+
"*.quay.io",
|
|
192
|
+
"auth.docker.io",
|
|
193
|
+
"*.auth.docker.io",
|
|
194
|
+
"*.cloudflare.docker.io",
|
|
195
|
+
"docker.io",
|
|
196
|
+
"cloudflare.docker.io",
|
|
197
|
+
"cloudflare.docker.com",
|
|
198
|
+
"*.cloudflare.docker.com",
|
|
199
|
+
"*.registry-1.docker.io",
|
|
200
|
+
"registry-1.docker.io",
|
|
200
201
|
],
|
|
201
|
-
protocols: [{ protocolType:
|
|
202
|
+
protocols: [{ protocolType: "Https", port: 443 }],
|
|
202
203
|
},
|
|
203
204
|
{
|
|
204
205
|
//TODO Allow external registry is potential risk once we have budget and able to upload external images to ACR then remove docker.
|
|
205
|
-
name:
|
|
206
|
+
name: "k8s-services",
|
|
206
207
|
sourceAddresses: vnetAddressSpace,
|
|
207
208
|
targetFqdns: [
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
209
|
+
"k8s.gcr.io", //nginx images
|
|
210
|
+
"*.k8s.io",
|
|
211
|
+
"asia-east1-docker.pkg.dev",
|
|
212
|
+
"*.gcr.io",
|
|
213
|
+
"*.googleapis.com",
|
|
213
214
|
],
|
|
214
|
-
protocols: [{ protocolType:
|
|
215
|
+
protocols: [{ protocolType: "Https", port: 443 }],
|
|
215
216
|
},
|
|
216
217
|
{
|
|
217
|
-
name:
|
|
218
|
+
name: "ubuntu-services",
|
|
218
219
|
sourceAddresses: vnetAddressSpace,
|
|
219
220
|
targetFqdns: [
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
221
|
+
"security.ubuntu.com",
|
|
222
|
+
"azure.archive.ubuntu.com",
|
|
223
|
+
"changelogs.ubuntu.com",
|
|
223
224
|
],
|
|
224
|
-
protocols: [{ protocolType:
|
|
225
|
+
protocols: [{ protocolType: "Https", port: 443 }],
|
|
225
226
|
},
|
|
226
227
|
],
|
|
227
228
|
});
|
|
@@ -247,4 +248,4 @@ exports.default = ({ startPriority, vnetAddressSpace, ...others }) => {
|
|
|
247
248
|
applicationRuleCollections,
|
|
248
249
|
};
|
|
249
250
|
};
|
|
250
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
251
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQWtzRmlyZXdhbGxSdWxlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9WTmV0L0ZpcmV3YWxsUnVsZXMvQWtzRmlyZXdhbGxSdWxlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHNEQUFvRTtBQXFCcEUsTUFBTSxZQUFZLEdBQUcsQ0FBQyxFQUNwQixhQUFhLEVBQ2IsaUJBQWlCLEVBQ2pCLEtBQUssR0FDUSxFQUE0RCxFQUFFO0lBQzNFLE1BQU0sS0FBSyxHQUFHLElBQUksS0FBSyxFQUFxRCxDQUFDO0lBRTdFLEtBQUssQ0FBQyxJQUFJLENBQUM7UUFDVCxJQUFJLEVBQUUsWUFBWTtRQUNsQixNQUFNLEVBQUUsRUFBRSxJQUFJLEVBQUUsYUFBSyxDQUFDLE9BQU8sQ0FBQyw0QkFBNEIsQ0FBQyxJQUFJLEVBQUU7UUFDakUsUUFBUSxFQUFFLEVBQUUsYUFBYTtRQUV6QixLQUFLLEVBQUUsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQzNCLE1BQU0sU0FBUyxHQUFHO2dCQUNoQixJQUFJLEVBQUUsR0FBRyxHQUFHLENBQUMsSUFBSSxjQUFjO2dCQUMvQixXQUFXLEVBQUUsMENBQTBDLEdBQUcsQ0FBQyxJQUFJLHdCQUF3QjtnQkFDdkYsZUFBZSxFQUFFLENBQUMsR0FBRyxDQUFDLGVBQWUsSUFBSSxHQUFHLENBQUM7Z0JBQzdDLG9CQUFvQixFQUFFLGlCQUFpQjtnQkFDdkMsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ3pCLFNBQVMsRUFBRSxDQUFDLEtBQUssQ0FBQztnQkFDbEIsaUJBQWlCLEVBQUUsR0FBRyxDQUFDLGlCQUFpQjtnQkFDeEMsY0FBYyxFQUFFLEtBQUs7YUFDdEIsQ0FBQztZQUVGLE1BQU0sUUFBUSxHQUFHO2dCQUNmLElBQUksRUFBRSxHQUFHLEdBQUcsQ0FBQyxJQUFJLGFBQWE7Z0JBQzlCLFdBQVcsRUFBRSx5Q0FBeUMsR0FBRyxDQUFDLElBQUksd0JBQXdCO2dCQUN0RixlQUFlLEVBQUUsQ0FBQyxHQUFHLENBQUMsZUFBZSxJQUFJLEdBQUcsQ0FBQztnQkFDN0Msb0JBQW9CLEVBQUUsaUJBQWlCO2dCQUN2QyxnQkFBZ0IsRUFBRSxDQUFDLElBQUksQ0FBQztnQkFDeEIsU0FBUyxFQUFFLENBQUMsS0FBSyxDQUFDO2dCQUNsQixpQkFBaUIsRUFBRSxHQUFHLENBQUMsaUJBQWlCO2dCQUN4QyxjQUFjLEVBQUUsSUFBSTthQUNyQixDQUFDO1lBQ0YsT0FBTyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUM3RCxDQUFDLENBQUM7S0FDSCxDQUFDLENBQUM7SUFFSCxPQUFPLEtBQUssQ0FBQztBQUNmLENBQUMsQ0FBQztBQVFGLE1BQU0sY0FBYyxHQUFHLENBQUMsRUFDdEIsYUFBYSxFQUNiLFFBQVEsR0FBRyxlQUFlLEVBQzFCLGdCQUFnQixHQUNKLEVBQTJELEVBQUU7SUFDekUsUUFBUSxHQUFHLFFBQVEsQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUVsQyxNQUFNLEtBQUssR0FDVCxJQUFJLEtBQUssRUFBeUQsQ0FBQztJQUNyRSw0REFBNEQ7SUFDNUQsaUVBQWlFO0lBRWpFLEtBQUssQ0FBQyxJQUFJLENBQUM7UUFDVCxJQUFJLEVBQUUsZUFBZTtRQUNyQixNQUFNLEVBQUUsRUFBRSxJQUFJLEVBQUUsYUFBSyxDQUFDLE9BQU8sQ0FBQyx5QkFBeUIsQ0FBQyxLQUFLLEVBQUU7UUFDL0QsUUFBUSxFQUFFLEVBQUUsYUFBYTtRQUN6QixLQUFLLEVBQUU7WUFDTCxJQUFJO1lBQ0oscUJBQXFCO1lBQ3JCLGlCQUFpQjtZQUNqQix5SEFBeUg7WUFDekgsd0JBQXdCO1lBQ3hCLHVDQUF1QztZQUN2QyxzREFBc0Q7WUFDdEQsZ0NBQWdDO1lBQ2hDLEtBQUs7WUFDTDtnQkFDRSxJQUFJLEVBQUUsU0FBUztnQkFDZixXQUFXLEVBQ1Qsd0dBQXdHO2dCQUMxRyxTQUFTLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ2xCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLG9CQUFvQixFQUFFLENBQUMsY0FBYyxRQUFRLEVBQUUsQ0FBQztnQkFDaEQsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO2FBQ2xDO1lBQ0Q7Z0JBQ0UsSUFBSSxFQUFFLFVBQVU7Z0JBQ2hCLFdBQVcsRUFDVCwrRUFBK0U7Z0JBQ2pGLFNBQVMsRUFBRSxDQUFDLEtBQUssQ0FBQztnQkFDbEIsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsZ0JBQWdCLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQztnQkFDcEMsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7YUFDMUI7WUFDRCxJQUFJO1lBQ0osNkJBQTZCO1lBQzdCLGlCQUFpQjtZQUNqQix1RkFBdUY7WUFDdkYsd0JBQXdCO1lBQ3hCLHVDQUF1QztZQUN2QyxpQ0FBaUM7WUFDakMsK0JBQStCO1lBQy9CLEtBQUs7WUFDTCxJQUFJO1lBQ0osZ0NBQWdDO1lBQ2hDLGlCQUFpQjtZQUNqQix1SEFBdUg7WUFDdkgsd0JBQXdCO1lBQ3hCLHVDQUF1QztZQUN2Qyx5RUFBeUU7WUFDekUsaURBQWlEO1lBQ2pELEtBQUs7WUFDTDtnQkFDRSxJQUFJLEVBQUUscUJBQXFCO2dCQUMzQixXQUFXLEVBQUUseURBQXlEO2dCQUN0RSxTQUFTLEVBQUUsQ0FBQyxLQUFLLENBQUM7Z0JBQ2xCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLG9CQUFvQixFQUFFO29CQUNwQixzQ0FBc0M7b0JBQ3RDLDBDQUEwQztvQkFDMUMsc0JBQXNCO29CQUN0Qiw0QkFBNEI7b0JBQzVCLGtCQUFrQjtvQkFDbEIsNkJBQTZCO29CQUM3QixxREFBcUQ7b0JBQ3JELDhCQUE4QjtvQkFDOUIsMkJBQTJCO29CQUMzQiwwQkFBMEI7b0JBQzFCLDBEQUEwRDtvQkFDMUQsdUJBQXVCO2lCQUN4QjtnQkFDRCxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQzthQUMxQjtZQUNEO2dCQUNFLElBQUksRUFBRSxZQUFZO2dCQUNsQixXQUFXLEVBQUUsYUFBYTtnQkFDMUIsU0FBUyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztnQkFDekIsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsb0JBQW9CLEVBQUUsQ0FBQyxHQUFHLENBQUM7Z0JBQzNCLGdCQUFnQixFQUFFLENBQUMsSUFBSSxDQUFDO2FBQ3pCO1NBQ0Y7S0FDRixDQUFDLENBQUM7SUFFSCxPQUFPLEtBQUssQ0FBQztBQUNmLENBQUMsQ0FBQztBQUVGLE1BQU0sY0FBYyxHQUFHLENBQUMsRUFDdEIsYUFBYSxFQUNiLGdCQUFnQixHQUdqQixFQUErRCxFQUFFO0lBQ2hFLE1BQU0sS0FBSyxHQUNULElBQUksS0FBSyxFQUE2RCxDQUFDO0lBQ3pFLDREQUE0RDtJQUM1RCxpRUFBaUU7SUFFakUsd0JBQXdCO0lBQ3hCLEtBQUssQ0FBQyxJQUFJLENBQUM7UUFDVCxJQUFJLEVBQUUseUJBQXlCO1FBQy9CLE1BQU0sRUFBRSxFQUFFLElBQUksRUFBRSxhQUFLLENBQUMsT0FBTyxDQUFDLHlCQUF5QixDQUFDLEtBQUssRUFBRTtRQUMvRCxRQUFRLEVBQUUsRUFBRSxhQUFhO1FBQ3pCLEtBQUssRUFBRTtZQUNMO2dCQUNFLElBQUksRUFBRSxjQUFjO2dCQUNwQixXQUFXLEVBQUUsOENBQThDO2dCQUMzRCxlQUFlLEVBQUUsZ0JBQWdCO2dCQUNqQyxzREFBc0Q7Z0JBQ3RELFFBQVEsRUFBRSxDQUFDLHdCQUF3QixDQUFDO2FBQ3JDO1lBQ0Q7Z0JBQ0UsSUFBSSxFQUFFLFVBQVU7Z0JBQ2hCLFdBQVcsRUFBRSw0QkFBNEI7Z0JBQ3pDLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLFdBQVcsRUFBRTtvQkFDWCxXQUFXO29CQUNYLCtCQUErQjtvQkFDL0IsOEJBQThCO29CQUM5QixtQkFBbUI7b0JBQ25CLHdCQUF3QjtvQkFDeEIsMEJBQTBCO29CQUMxQixrQkFBa0I7b0JBQ2xCLHNCQUFzQjtvQkFDdEIsMkJBQTJCO29CQUMzQixzQ0FBc0M7b0JBQ3RDLHdCQUF3QjtvQkFDeEIsV0FBVztvQkFDWCwwQkFBMEI7b0JBQzFCLFVBQVU7b0JBQ1YsdUJBQXVCO2lCQUN4QjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO2FBQ2xEO1lBQ0Q7Z0JBQ0UsSUFBSSxFQUFFLGdCQUFnQjtnQkFDdEIsZUFBZSxFQUFFLGdCQUFnQjtnQkFDakMsV0FBVyxFQUFFO29CQUNYLDhCQUE4QjtvQkFDOUIsNEJBQTRCO29CQUM1Qiw0QkFBNEI7b0JBQzVCLHdCQUF3QjtvQkFDeEIsNkJBQTZCO2lCQUM5QjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO2FBQ2xEO1lBQ0Q7Z0JBQ0UsSUFBSSxFQUFFLGNBQWM7Z0JBQ3BCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLFdBQVcsRUFBRTtvQkFDWCwyQkFBMkI7b0JBQzNCLHlDQUF5QztvQkFDekMsMkJBQTJCO29CQUMzQiw4QkFBOEI7aUJBQy9CO2dCQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7YUFDbEQ7WUFDRDtnQkFDRSw4SEFBOEg7Z0JBQzlILElBQUksRUFBRSxpQkFBaUI7Z0JBQ3ZCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLFdBQVcsRUFBRTtvQkFDWCxTQUFTLEVBQUUsa0JBQWtCO29CQUM3QixXQUFXO29CQUNYLGdCQUFnQjtvQkFDaEIsa0JBQWtCO29CQUNsQix3QkFBd0I7b0JBQ3hCLFdBQVc7b0JBQ1gsc0JBQXNCO29CQUN0Qix1QkFBdUI7b0JBQ3ZCLHlCQUF5QjtvQkFDekIsd0JBQXdCO29CQUN4QixzQkFBc0I7aUJBQ3ZCO2dCQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7YUFDbEQ7WUFDRDtnQkFDRSxrSUFBa0k7Z0JBQ2xJLElBQUksRUFBRSxjQUFjO2dCQUNwQixlQUFlLEVBQUUsZ0JBQWdCO2dCQUNqQyxXQUFXLEVBQUU7b0JBQ1gsWUFBWSxFQUFFLGNBQWM7b0JBQzVCLFVBQVU7b0JBQ1YsMkJBQTJCO29CQUMzQixVQUFVO29CQUNWLGtCQUFrQjtpQkFDbkI7Z0JBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQzthQUNsRDtZQUNEO2dCQUNFLElBQUksRUFBRSxpQkFBaUI7Z0JBQ3ZCLGVBQWUsRUFBRSxnQkFBZ0I7Z0JBQ2pDLFdBQVcsRUFBRTtvQkFDWCxxQkFBcUI7b0JBQ3JCLDBCQUEwQjtvQkFDMUIsdUJBQXVCO2lCQUN4QjtnQkFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO2FBQ2xEO1NBQ0Y7S0FDRixDQUFDLENBQUM7SUFFSCxPQUFPLEtBQUssQ0FBQztBQUNmLENBQUMsQ0FBQztBQU9GLGtCQUFlLENBQUMsRUFDZCxhQUFhLEVBQ2IsZ0JBQWdCLEVBQ2hCLEdBQUcsTUFBTSxFQUNRLEVBQXVCLEVBQUU7SUFDMUMsTUFBTSxrQkFBa0IsR0FBRyxZQUFZLENBQUM7UUFDdEMsYUFBYTtRQUNiLEdBQUcsTUFBTTtLQUNWLENBQUMsQ0FBQztJQUVILE1BQU0sc0JBQXNCLEdBQUcsY0FBYyxDQUFDO1FBQzVDLGFBQWE7UUFDYixnQkFBZ0I7UUFDaEIsR0FBRyxNQUFNO0tBQ1YsQ0FBQyxDQUFDO0lBRUgsTUFBTSwwQkFBMEIsR0FBRyxjQUFjLENBQUM7UUFDaEQsYUFBYTtRQUNiLGdCQUFnQjtLQUNqQixDQUFDLENBQUM7SUFFSCxPQUFPO1FBQ0wsa0JBQWtCO1FBQ2xCLHNCQUFzQjtRQUN0QiwwQkFBMEI7S0FDM0IsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
|
package/VNet/Helper.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import * as network from "@pulumi/azure-native/network";
|
|
2
|
-
import { Output } from "@pulumi/pulumi";
|
|
2
|
+
import { Input, Output } from "@pulumi/pulumi";
|
|
3
3
|
import * as netmask from "netmask";
|
|
4
|
-
import {
|
|
4
|
+
import { ResourceGroupInfo } from "../types";
|
|
5
|
+
import { VnetInfoType } from "./types";
|
|
5
6
|
export declare const appGatewaySubnetName = "app-gateway";
|
|
6
7
|
export declare const gatewaySubnetName = "GatewaySubnet";
|
|
7
8
|
export declare const azFirewallSubnet = "AzureFirewallSubnet";
|
|
@@ -14,8 +15,6 @@ export declare const convertToIpRange: (ipAddress: string[]) => Array<{
|
|
|
14
15
|
end: string;
|
|
15
16
|
}>;
|
|
16
17
|
export declare const getVnetIdFromSubnetId: (subnetId: string) => string;
|
|
17
|
-
/**Merge Firewall Rules Policies with starting priority*/
|
|
18
|
-
export declare const mergeFirewallRules: (rules: Array<FirewallRuleResults>, startPriority?: number) => FirewallRuleResults;
|
|
19
18
|
interface SubnetProps {
|
|
20
19
|
subnetName: string;
|
|
21
20
|
vnetAndGroupName: string;
|
|
@@ -30,4 +29,9 @@ export declare const getIpAddressResource: ({ name, groupName, }: {
|
|
|
30
29
|
name: string;
|
|
31
30
|
groupName: string;
|
|
32
31
|
}) => Promise<network.GetPublicIPAddressResult>;
|
|
32
|
+
export declare const getVnetInfo: (groupName: string) => VnetInfoType;
|
|
33
|
+
export declare const getVnetIdByName: (groupName: string) => Output<string>;
|
|
34
|
+
export declare const parseVnetInfoFromId: (vnetId: Input<string>) => Output<VnetInfoType>;
|
|
35
|
+
export declare const getFirewallIpAddress: (name: string, group: ResourceGroupInfo) => Output<string>;
|
|
36
|
+
export declare const getFirewallIpAddressByGroupName: (groupName: string) => Output<string>;
|
|
33
37
|
export {};
|