@drunk-pulumi/azure 0.0.37 → 0.0.38
- package/Aks/Helper.d.ts +6 -11
- package/Aks/Helper.js +40 -65
- package/Aks/Identity.d.ts +3 -10
- package/Aks/Identity.js +9 -8
- package/Aks/index.d.ts +67 -71
- package/Aks/index.js +198 -314
- package/Apim/ApiProduct/PolicyBuilder.js +25 -27
- package/Apim/ApiProduct/SwaggerHelper.js +1 -3
- package/Apim/ApiProduct/index.d.ts +3 -3
- package/Apim/ApiProduct/index.js +1 -2
- package/Automation/index.d.ts +7 -0
- package/Automation/index.js +55 -0
- package/AzAd/EnvRoles.Consts.d.ts +12 -0
- package/AzAd/EnvRoles.Consts.js +125 -0
- package/AzAd/EnvRoles.d.ts +16 -15
- package/AzAd/EnvRoles.js +69 -47
- package/AzAd/GraphDefinition.d.ts +2 -2
- package/AzAd/GraphDefinition.js +3055 -3056
- package/AzAd/Helper.d.ts +24 -13
- package/AzAd/Helper.js +98 -25
- package/AzAd/Identities/AzDevOpsIdentity.d.ts +12 -0
- package/AzAd/Identities/AzDevOpsIdentity.js +32 -0
- package/AzAd/Identities/AzDevOpsManagedIdentity.d.ts +7 -0
- package/AzAd/Identities/AzDevOpsManagedIdentity.js +15 -0
- package/AzAd/Identities/AzUserAdRevertSync.d.ts +2 -9
- package/AzAd/Identities/AzUserAdRevertSync.js +4 -5
- package/AzAd/Identities/index.d.ts +3 -0
- package/AzAd/Identities/index.js +10 -0
- package/AzAd/Identity.d.ts +10 -22
- package/AzAd/Identity.js +50 -61
- package/AzAd/Role.d.ts +2 -3
- package/AzAd/Role.js +4 -5
- package/AzAd/RoleAssignment.d.ts +34 -5
- package/AzAd/RoleAssignment.js +2 -2
- package/AzAd/RoleDefinitions/JustInTimeRequestRole.d.ts +2 -0
- package/AzAd/RoleDefinitions/JustInTimeRequestRole.js +25 -0
- package/AzAd/RolesBuiltIn.d.ts +29 -0
- package/AzAd/RolesBuiltIn.js +13034 -8058
- package/AzAd/UserAssignedIdentity.d.ts +6 -0
- package/AzAd/UserAssignedIdentity.js +27 -0
- package/Builder/AksBuilder.d.ts +3 -0
- package/Builder/AksBuilder.js +95 -0
- package/Builder/VnetBuilder.d.ts +3 -0
- package/Builder/VnetBuilder.js +279 -0
- package/Builder/index.d.ts +2 -0
- package/Builder/index.js +8 -0
- package/Builder/types.d.ts +120 -0
- package/Builder/types.js +18 -0
- package/Certificate/index.d.ts +1 -1
- package/Certificate/index.js +26 -28
- package/Common/AutoTags.js +2 -2
- package/Common/AzureEnv.d.ts +4 -3
- package/Common/AzureEnv.js +31 -24
- package/Common/GlobalEnv.d.ts +1 -2
- package/Common/GlobalEnv.js +7 -7
- package/Common/Location.d.ts +3 -3
- package/Common/Location.js +22 -9
- package/Common/LocationBuiltIn.d.ts +6 -81
- package/Common/LocationBuiltIn.js +491 -1923
- package/Common/Naming/index.d.ts +6 -4
- package/Common/Naming/index.js +64 -60
- package/Common/ResourceEnv.d.ts +2 -2
- package/Common/ResourceEnv.js +11 -10
- package/Common/StackEnv.js +2 -9
- package/Core/KeyGenetators.d.ts +16 -20
- package/Core/KeyGenetators.js +17 -16
- package/Core/Random.d.ts +4 -4
- package/Core/Random.js +10 -10
- package/Core/ResourceGroup.d.ts +12 -6
- package/Core/ResourceGroup.js +12 -24
- package/IOT/Hub/index.d.ts +4 -8
- package/IOT/Hub/index.js +19 -54
- package/KeyVault/Helper.d.ts +8 -6
- package/KeyVault/Helper.js +13 -19
- package/KeyVault/index.d.ts +1 -3
- package/KeyVault/index.js +2 -26
- package/Logs/Helpers.d.ts +35 -25
- package/Logs/Helpers.js +33 -20
- package/Logs/LogAnalytics.d.ts +2 -2
- package/Logs/LogAnalytics.js +15 -6
- package/Logs/index.d.ts +3 -3
- package/Logs/index.js +4 -4
- package/MySql/index.d.ts +2 -3
- package/MySql/index.js +16 -19
- package/{ReadMe.md → README.md} +6 -1
- package/Sql/index.d.ts +15 -9
- package/Sql/index.js +39 -41
- package/Storage/CdnEndpoint.d.ts +2 -2
- package/Storage/CdnEndpoint.js +14 -15
- package/Storage/Helper.d.ts +2 -2
- package/Storage/Helper.js +6 -6
- package/Storage/ManagementRules.d.ts +5 -23
- package/Storage/ManagementRules.js +3 -3
- package/Storage/index.d.ts +3 -3
- package/Storage/index.js +28 -28
- package/VM/AzureDevOpsExtension.d.ts +16 -0
- package/VM/AzureDevOpsExtension.js +14 -0
- package/VM/Extension.d.ts +15 -0
- package/VM/Extension.js +13 -0
- package/VM/GlobalSchedule.d.ts +10 -0
- package/VM/GlobalSchedule.js +20 -0
- package/VM/index.d.ts +18 -18
- package/VM/index.js +94 -57
- package/VNet/Bastion.d.ts +4 -4
- package/VNet/Bastion.js +12 -8
- package/VNet/Firewall.d.ts +19 -12
- package/VNet/Firewall.js +59 -40
- package/VNet/FirewallPolicies/AksFirewallPolicy.d.ts +16 -16
- package/VNet/FirewallPolicies/AksFirewallPolicy.js +193 -220
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.d.ts +12 -10
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.js +170 -282
- package/VNet/FirewallPolicies/DefaultFirewallPolicy.d.ts +3 -0
- package/VNet/FirewallPolicies/DefaultFirewallPolicy.js +25 -0
- package/VNet/FirewallPolicies/index.d.ts +4 -0
- package/VNet/FirewallPolicies/index.js +10 -0
- package/VNet/FirewallPolicy.d.ts +14 -11
- package/VNet/FirewallPolicy.js +67 -74
- package/VNet/FirewallRules/AksFirewallRules.d.ts +4 -3
- package/VNet/FirewallRules/AksFirewallRules.js +101 -100
- package/VNet/Helper.d.ts +8 -4
- package/VNet/Helper.js +42 -35
- package/VNet/IpAddress.d.ts +6 -8
- package/VNet/IpAddress.js +6 -11
- package/VNet/IpAddressPrefix.d.ts +12 -9
- package/VNet/IpAddressPrefix.js +14 -13
- package/VNet/NSGRules/AppGatewaySecurityRule.d.ts +9 -0
- package/VNet/NSGRules/AppGatewaySecurityRule.js +46 -0
- package/VNet/NSGRules/AzADSecurityRule.d.ts +6 -0
- package/VNet/NSGRules/AzADSecurityRule.js +39 -0
- package/VNet/NSGRules/BastionSecurityRule.d.ts +9 -0
- package/VNet/NSGRules/BastionSecurityRule.js +93 -0
- package/VNet/NatGateway.d.ts +10 -0
- package/VNet/NatGateway.js +21 -0
- package/VNet/NetworkPeering.d.ts +7 -7
- package/VNet/NetworkPeering.js +29 -20
- package/VNet/PrivateDns.d.ts +8 -10
- package/VNet/PrivateDns.js +12 -14
- package/VNet/PrivateEndpoint.js +5 -2
- package/VNet/RouteTable.d.ts +7 -8
- package/VNet/RouteTable.js +6 -6
- package/VNet/SecurityGroup.d.ts +4 -4
- package/VNet/SecurityGroup.js +7 -3
- package/VNet/Subnet.d.ts +10 -7
- package/VNet/Subnet.js +4 -3
- package/VNet/VPNGateway.d.ts +13 -0
- package/VNet/VPNGateway.js +73 -0
- package/VNet/VirtualWAN.d.ts +7 -10
- package/VNet/VirtualWAN.js +1 -1
- package/VNet/Vnet.d.ts +29 -23
- package/VNet/Vnet.js +58 -121
- package/VNet/index.d.ts +17 -18
- package/VNet/index.js +41 -54
- package/VNet/types.d.ts +94 -0
- package/VNet/types.js +3 -0
- package/Web/types.d.ts +2 -134
- package/package.json +8 -8
- package/types.d.ts +22 -8
- package/z_tests/_tools/Mocks.js +12 -13
- package/Automation/AutoAccount.d.ts +0 -5
- package/Automation/AutoAccount.js +0 -18
- package/AzAd/Identities/AzDevOps.d.ts +0 -23
- package/AzAd/Identities/AzDevOps.js +0 -61
- package/AzAd/KeyVaultRoles.d.ts +0 -8
- package/AzAd/KeyVaultRoles.js +0 -53
- package/AzAd/ManagedIdentity.d.ts +0 -6
- package/AzAd/ManagedIdentity.js +0 -20
- package/AzAd/UserIdentity.d.ts +0 -5
- package/AzAd/UserIdentity.js +0 -12
- package/Common/Naming/AzureRegions.d.ts +0 -4
- package/Common/Naming/AzureRegions.js +0 -49
- package/KeyVault/VaultPermissions.d.ts +0 -27
- package/KeyVault/VaultPermissions.js +0 -226
- package/VNet/FirewallRules/types.d.ts +0 -20
- package/VNet/FirewallRules/types.js +0 -5
- package/VNet/NSGRules/AzADService.d.ts +0 -10
- package/VNet/NSGRules/AzADService.js +0 -45
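--- a/package/AzAd/Helper.d.ts
+++ b/package/AzAd/Helper.d.ts
@@ -1,18 +1,29 @@
-import { KeyVaultInfo } from
-import
+import { IdentityRoleAssignment, KeyVaultInfo } from "../types";
+import { Input } from "@pulumi/pulumi";
 interface Props {
 name: string;
-
+includePrincipal?: boolean;
 vaultInfo: KeyVaultInfo;
 }
-export
-
-
-
-
-
-
-
-
-
+export type IdentityInfoResults = {
+objectId: string;
+clientId: string;
+clientSecret?: string;
+principalObjectId?: string;
+principalId?: string;
+principalSecret?: string;
+};
+export declare const getIdentitySecretNames: (name: string) => {
+objectIdName: string;
+clientIdKeyName: string;
+clientSecretKeyName: string;
+principalIdKeyName: string;
+principalSecretKeyName: string;
+};
+export declare const getIdentityInfo: ({ name, vaultInfo, includePrincipal, }: Props) => Promise<IdentityInfoResults>;
+export declare const getIdentityInfoOutput: (props: Props) => import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<IdentityInfoResults>>;
+export declare const grantIdentityPermissions: ({ name, principalId, vaultInfo, roles, envRole, }: IdentityRoleAssignment & {
+name: string;
+principalId: Input<string>;
+}) => void;
 export {};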
package/AzAd/Helper.js
CHANGED
|
@@ -1,37 +1,110 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.grantIdentityPermissions = exports.getIdentityInfoOutput = exports.getIdentityInfo = exports.getIdentitySecretNames = void 0;
|
|
4
4
|
const Naming_1 = require("../Common/Naming");
|
|
5
5
|
const Helper_1 = require("../KeyVault/Helper");
|
|
6
|
-
const
|
|
7
|
-
const
|
|
6
|
+
const pulumi_1 = require("@pulumi/pulumi");
|
|
7
|
+
const EnvRoles_1 = require("./EnvRoles");
|
|
8
|
+
const RoleAssignment_1 = require("./RoleAssignment");
|
|
9
|
+
const Group_1 = require("./Group");
|
|
10
|
+
const getIdentitySecretNames = (name) => ({
|
|
11
|
+
objectIdName: (0, Naming_1.getSecretName)(`${name}-object-id`),
|
|
12
|
+
clientIdKeyName: (0, Naming_1.getSecretName)(`${name}-client-id`),
|
|
13
|
+
clientSecretKeyName: (0, Naming_1.getSecretName)(`${name}-client-secret`),
|
|
14
|
+
principalIdKeyName: (0, Naming_1.getSecretName)(`${name}-principal-id`),
|
|
15
|
+
principalSecretKeyName: (0, Naming_1.getSecretName)(`${name}-principal-secret`),
|
|
16
|
+
});
|
|
17
|
+
exports.getIdentitySecretNames = getIdentitySecretNames;
|
|
18
|
+
const getIdentityInfo = async ({ name, vaultInfo, includePrincipal, }) => {
|
|
8
19
|
name = (0, Naming_1.getIdentityName)(name);
|
|
9
|
-
const
|
|
10
|
-
const
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
(0, Helper_1.getSecret)({ name: clientIdKeyName, vaultInfo }),
|
|
15
|
-
(0, Helper_1.getSecret)({ name: clientSecretKeyName, vaultInfo }),
|
|
20
|
+
const secretNames = (0, exports.getIdentitySecretNames)(name);
|
|
21
|
+
const [objectId, clientId, clientSecret] = await Promise.all([
|
|
22
|
+
(0, Helper_1.getSecret)({ name: secretNames.objectIdName, vaultInfo }),
|
|
23
|
+
(0, Helper_1.getSecret)({ name: secretNames.clientIdKeyName, vaultInfo }),
|
|
24
|
+
(0, Helper_1.getSecret)({ name: secretNames.clientSecretKeyName, vaultInfo }),
|
|
16
25
|
]);
|
|
17
|
-
const [principalId, principalSecret] =
|
|
26
|
+
const [principalId, principalSecret] = includePrincipal
|
|
18
27
|
? await Promise.all([
|
|
19
|
-
(0, Helper_1.getSecret)({ name: principalIdKeyName, vaultInfo }),
|
|
20
|
-
(0, Helper_1.getSecret)({ name: principalSecretKeyName, vaultInfo }),
|
|
28
|
+
(0, Helper_1.getSecret)({ name: secretNames.principalIdKeyName, vaultInfo }),
|
|
29
|
+
(0, Helper_1.getSecret)({ name: secretNames.principalSecretKeyName, vaultInfo }),
|
|
21
30
|
])
|
|
22
31
|
: [undefined, undefined];
|
|
23
|
-
return {
|
|
32
|
+
return {
|
|
33
|
+
objectId: objectId.value,
|
|
34
|
+
clientId: clientId.value,
|
|
35
|
+
clientSecret: clientSecret?.value,
|
|
36
|
+
principalId: principalId?.value,
|
|
37
|
+
principalSecret: principalSecret?.value,
|
|
38
|
+
};
|
|
24
39
|
};
|
|
25
|
-
exports.
|
|
26
|
-
const
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
40
|
+
exports.getIdentityInfo = getIdentityInfo;
|
|
41
|
+
const getIdentityInfoOutput = (props) => (0, pulumi_1.output)((0, exports.getIdentityInfo)(props));
|
|
42
|
+
exports.getIdentityInfoOutput = getIdentityInfoOutput;
|
|
43
|
+
// export const grantIdentityRolesAccess = ({
|
|
44
|
+
// name,
|
|
45
|
+
// principalId,
|
|
46
|
+
// scope,
|
|
47
|
+
// roleType,
|
|
48
|
+
// additionRoles,
|
|
49
|
+
// dependsOn,
|
|
50
|
+
// ...others
|
|
51
|
+
// }: RoleEnableTypes & {
|
|
52
|
+
// name: string;
|
|
53
|
+
// principalId: Input<string>;
|
|
54
|
+
// scope: Input<string>;
|
|
55
|
+
// roleType: EnvRoleKeyTypes;
|
|
56
|
+
// additionRoles?: string[];
|
|
57
|
+
// dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
|
|
58
|
+
// }) => {
|
|
59
|
+
// const roles = getRoleNames(others);
|
|
60
|
+
// const finalRoles = new Set(additionRoles);
|
|
61
|
+
//
|
|
62
|
+
// if (roleType === "readOnly") roles.readOnly.forEach((r) => finalRoles.add(r));
|
|
63
|
+
// if (roleType === "contributor")
|
|
64
|
+
// roles.contributor.forEach((r) => finalRoles.add(r));
|
|
65
|
+
// if (roleType === "admin") roles.admin.forEach((r) => finalRoles.add(r));
|
|
66
|
+
//
|
|
67
|
+
// Array.from(finalRoles)
|
|
68
|
+
// .sort()
|
|
69
|
+
// .forEach((r) => {
|
|
70
|
+
// const n = `${name}-${roleType}-${replaceAll(r, " ", "")}`;
|
|
71
|
+
// roleAssignment({
|
|
72
|
+
// name: n,
|
|
73
|
+
// principalId,
|
|
74
|
+
// principalType: "ServicePrincipal",
|
|
75
|
+
// roleName: r,
|
|
76
|
+
// scope,
|
|
77
|
+
// dependsOn,
|
|
78
|
+
// });
|
|
79
|
+
// });
|
|
80
|
+
// };
|
|
81
|
+
const grantIdentityToResourceRoles = ({ name, roles, principalId, }) => roles.map((r) => (0, RoleAssignment_1.roleAssignment)({
|
|
82
|
+
name,
|
|
83
|
+
roleName: r.name,
|
|
84
|
+
principalId: principalId,
|
|
85
|
+
principalType: "ServicePrincipal",
|
|
86
|
+
scope: r.scope,
|
|
87
|
+
}));
|
|
88
|
+
const grantIdentityEnvRolesGroup = ({ name, roleType, vaultInfo, principalId, }) => {
|
|
89
|
+
const role = (0, pulumi_1.output)((0, EnvRoles_1.getEnvRole)(roleType, vaultInfo));
|
|
90
|
+
return (0, Group_1.addMemberToGroup)({
|
|
91
|
+
name,
|
|
92
|
+
objectId: principalId,
|
|
93
|
+
groupObjectId: role.objectId,
|
|
30
94
|
});
|
|
31
|
-
const principal = await azureAD.getServicePrincipal({
|
|
32
|
-
displayName,
|
|
33
|
-
});
|
|
34
|
-
return { app, principal };
|
|
35
95
|
};
|
|
36
|
-
|
|
37
|
-
|
|
96
|
+
const grantIdentityPermissions = ({ name, principalId, vaultInfo, roles, envRole, }) => {
|
|
97
|
+
if (roles) {
|
|
98
|
+
grantIdentityToResourceRoles({ name, roles, principalId });
|
|
99
|
+
}
|
|
100
|
+
if (envRole && vaultInfo) {
|
|
101
|
+
grantIdentityEnvRolesGroup({
|
|
102
|
+
name,
|
|
103
|
+
roleType: envRole,
|
|
104
|
+
principalId,
|
|
105
|
+
vaultInfo,
|
|
106
|
+
});
|
|
107
|
+
}
|
|
108
|
+
};
|
|
109
|
+
exports.grantIdentityPermissions = grantIdentityPermissions;
|
|
110
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
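Review bot: `getIdentityInfoOutput` wraps the Key Vault lookups in a plain `output(...)`, so the `clientSecret` and `principalSecret` fields it carries are not marked secret unless `getSecret` already does that (its implementation is not shown here). If it does not, any program that exports or interpolates this value writes the credentials in clear text to the Pulumi state and CLI output. I would wrap it as `const getIdentityInfoOutput = (props) => (0, pulumi_1.secret)((0, exports.getIdentityInfo)(props));`. In the same hunk `getIdentityInfo` reads `objectId.value` and `clientId.value` without the `?.` used for the other three fields, so a vault that lacks the new `-object-id` secret (as far as this diff shows, 0.0.37 never wrote one) may throw instead of returning `undefined`.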
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { KeyVaultInfo } from "../../types";
|
|
2
|
+
export declare const defaultAzAdoName = "azure-devops";
|
|
3
|
+
interface Props {
|
|
4
|
+
name?: string;
|
|
5
|
+
vaultInfo: KeyVaultInfo;
|
|
6
|
+
additionRoles?: string[];
|
|
7
|
+
}
|
|
8
|
+
/** Get Global ADO Identity */
|
|
9
|
+
export declare const getAdoIdentityInfo: (vaultInfo: KeyVaultInfo) => import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<import("../Helper").IdentityInfoResults>>;
|
|
10
|
+
/** Create Global ADO Identity */
|
|
11
|
+
declare const _default: ({ name, vaultInfo, additionRoles, ...others }: Props) => import("../Identity").IdentityResult;
|
|
12
|
+
export default _default;
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.getAdoIdentityInfo = exports.defaultAzAdoName = void 0;
|
|
4
|
+
const Identity_1 = require("../Identity");
|
|
5
|
+
const GraphDefinition_1 = require("../GraphDefinition");
|
|
6
|
+
const Helper_1 = require("../Helper");
|
|
7
|
+
const AzureEnv_1 = require("../../Common/AzureEnv");
|
|
8
|
+
exports.defaultAzAdoName = "azure-devops";
|
|
9
|
+
/** Get Global ADO Identity */
|
|
10
|
+
const getAdoIdentityInfo = (vaultInfo) => (0, Helper_1.getIdentityInfoOutput)({
|
|
11
|
+
name: exports.defaultAzAdoName,
|
|
12
|
+
vaultInfo,
|
|
13
|
+
includePrincipal: true,
|
|
14
|
+
});
|
|
15
|
+
exports.getAdoIdentityInfo = getAdoIdentityInfo;
|
|
16
|
+
/** Create Global ADO Identity */
|
|
17
|
+
exports.default = ({ name = exports.defaultAzAdoName, vaultInfo, additionRoles = ["Owner"], ...others }) => {
|
|
18
|
+
const graphAccess = (0, GraphDefinition_1.getGraphPermissions)({ name: "User.Read", type: "Scope" });
|
|
19
|
+
const ado = (0, Identity_1.default)({
|
|
20
|
+
name,
|
|
21
|
+
appType: "web",
|
|
22
|
+
createClientSecret: true,
|
|
23
|
+
createPrincipal: true,
|
|
24
|
+
requiredResourceAccesses: [graphAccess],
|
|
25
|
+
roles: additionRoles.map((role) => ({ name: role, scope: AzureEnv_1.defaultScope })),
|
|
26
|
+
vaultInfo,
|
|
27
|
+
...others,
|
|
28
|
+
});
|
|
29
|
+
console.log(`Add this principal ${name} to [User administrator, Application administrator, Cloud application administrator and Global Reader] of Azure AD to allow to Add/Update and Delete Groups, Users`);
|
|
30
|
+
return ado;
|
|
31
|
+
};
|
|
32
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
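Review bot: The default `additionRoles = ["Owner"]` on new line 17 gives the Azure DevOps service principal Owner at `defaultScope` whenever the caller passes nothing, and the same call sets `createClientSecret: true`, so a client secret for an Owner-level identity is stored in Key Vault by default. What `defaultScope` resolves to is not visible in this hunk; if it is the subscription, Owner also lets the pipeline identity change role assignments there. I would make the privileged role opt-in, e.g. `additionRoles = ["Contributor"]`, and state in the JSDoc that Owner has to be requested explicitly. The `console.log` on line 29 asks an operator to add four Azure AD directory roles by hand; a comment saying which of them each feature actually needs would help keep that grant minimal.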
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { BasicResourceArgs } from "../../types";
|
|
2
|
+
interface Props extends Omit<BasicResourceArgs, "name"> {
|
|
3
|
+
name?: string;
|
|
4
|
+
lock?: boolean;
|
|
5
|
+
}
|
|
6
|
+
declare const _default: ({ name, ...others }: Props) => import("@pulumi/azure-native/managedidentity/userAssignedIdentity").UserAssignedIdentity;
|
|
7
|
+
export default _default;
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const UserAssignedIdentity_1 = require("../UserAssignedIdentity");
|
|
4
|
+
const AzDevOpsIdentity_1 = require("./AzDevOpsIdentity");
|
|
5
|
+
const AzureEnv_1 = require("../../Common/AzureEnv");
|
|
6
|
+
exports.default = ({ name = AzDevOpsIdentity_1.defaultAzAdoName, ...others }) => {
|
|
7
|
+
const additionRoles = ["Owner"];
|
|
8
|
+
return (0, UserAssignedIdentity_1.default)({
|
|
9
|
+
name,
|
|
10
|
+
roles: additionRoles.map((role) => ({ name: role, scope: AzureEnv_1.defaultScope })),
|
|
11
|
+
lock: true,
|
|
12
|
+
...others,
|
|
13
|
+
});
|
|
14
|
+
};
|
|
15
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
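Review bot: `additionRoles` is hard-coded to `["Owner"]` on new line 7, so every managed identity created through this helper gets Owner at `defaultScope`, and `Props` offers no parameter to ask for less. Because `...others` is spread after `roles`, the only way to lower the privilege is to pass a `roles` property that `Props` does not declare (unless `BasicResourceArgs` carries one, which is not visible here). I would accept it as a parameter with a narrower default, `exports.default = ({ name = AzDevOpsIdentity_1.defaultAzAdoName, additionRoles = ["Contributor"], ...others }) => {`, which also matches the signature of the sibling AzDevOpsIdentity helper.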
@@ -1,14 +1,7 @@
|
|
|
1
|
-
import { KeyVaultInfo } from
|
|
1
|
+
import { KeyVaultInfo } from "../../types";
|
|
2
2
|
interface Props {
|
|
3
3
|
name: string;
|
|
4
4
|
vaultInfo: KeyVaultInfo;
|
|
5
5
|
}
|
|
6
|
-
declare const _default: ({ name, ...others }: Props) => import("../Identity").IdentityResult
|
|
7
|
-
vaultNames: {
|
|
8
|
-
clientIdKeyName: string;
|
|
9
|
-
clientSecretKeyName: string;
|
|
10
|
-
principalIdKeyName: string;
|
|
11
|
-
principalSecretKeyName: string;
|
|
12
|
-
};
|
|
13
|
-
};
|
|
6
|
+
declare const _default: ({ name, ...others }: Props) => import("../Identity").IdentityResult;
|
|
14
7
|
export default _default;
|
|
@@ -4,15 +4,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
4
4
|
const Identity_1 = require("../Identity");
|
|
5
5
|
const GraphDefinition_1 = require("../GraphDefinition");
|
|
6
6
|
exports.default = ({ name, ...others }) => {
|
|
7
|
-
const graphAccess = (0, GraphDefinition_1.getGraphPermissions)({ name:
|
|
8
|
-
|
|
7
|
+
const graphAccess = (0, GraphDefinition_1.getGraphPermissions)({ name: "User.Read.All", type: "Role" }, { name: "Group.Read.All", type: "Role" });
|
|
8
|
+
return (0, Identity_1.default)({
|
|
9
9
|
name,
|
|
10
|
-
appType:
|
|
10
|
+
appType: "api",
|
|
11
11
|
createClientSecret: true,
|
|
12
12
|
createPrincipal: true,
|
|
13
13
|
requiredResourceAccesses: [graphAccess],
|
|
14
14
|
...others,
|
|
15
15
|
});
|
|
16
|
-
return identity;
|
|
17
16
|
};
|
|
18
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
17
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AzUserAdRevertSync = exports.AzDevOpsManagedIdentity = exports.AzDevOpsIdentity = void 0;
|
|
4
|
+
var AzDevOpsIdentity_1 = require("./AzDevOpsIdentity");
|
|
5
|
+
Object.defineProperty(exports, "AzDevOpsIdentity", { enumerable: true, get: function () { return AzDevOpsIdentity_1.default; } });
|
|
6
|
+
var AzDevOpsManagedIdentity_1 = require("./AzDevOpsManagedIdentity");
|
|
7
|
+
Object.defineProperty(exports, "AzDevOpsManagedIdentity", { enumerable: true, get: function () { return AzDevOpsManagedIdentity_1.default; } });
|
|
8
|
+
var AzUserAdRevertSync_1 = require("./AzUserAdRevertSync");
|
|
9
|
+
Object.defineProperty(exports, "AzUserAdRevertSync", { enumerable: true, get: function () { return AzUserAdRevertSync_1.default; } });
|
|
10
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvQXpBZC9JZGVudGl0aWVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHVEQUFpRTtBQUF4RCxvSEFBQSxPQUFPLE9BQW9CO0FBQ3BDLHFFQUErRTtBQUF0RSxrSUFBQSxPQUFPLE9BQTJCO0FBQzNDLDJEQUFxRTtBQUE1RCx3SEFBQSxPQUFPLE9BQXNCIn0=
|
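--- a/package/AzAd/Identity.d.ts
+++ b/package/AzAd/Identity.d.ts
@@ -1,13 +1,13 @@
-import * as azureAD from
-import * as pulumi from
-import {
-import { ApplicationApiOauth2PermissionScope, ApplicationAppRole, ApplicationRequiredResourceAccess, ApplicationOptionalClaims } from
-import { KeyVaultInfo } from
+import * as azureAD from "@pulumi/azuread";
+import * as pulumi from "@pulumi/pulumi";
+import { Output } from "@pulumi/pulumi";
+import { ApplicationApiOauth2PermissionScope, ApplicationAppRole, ApplicationRequiredResourceAccess, ApplicationOptionalClaims } from "@pulumi/azuread/types/input";
+import { BasicArgs, IdentityRoleAssignment, KeyVaultInfo } from "../types";
 type PreAuthApplicationProps = {
 appId: string;
 oauth2PermissionNames: string[];
 };
-
+interface IdentityProps extends BasicArgs, IdentityRoleAssignment {
 name: string;
 owners?: pulumi.Input<pulumi.Input<string>[]>;
 createClientSecret?: boolean;
@@ -16,21 +16,16 @@ type IdentityProps = {
 publicClient?: boolean;
 createPrincipal?: boolean;
 replyUrls?: pulumi.Input<pulumi.Input<string>[]>;
-appType?:
+appType?: "spa" | "web" | "api";
 allowMultiOrg?: boolean;
 appRoles?: pulumi.Input<pulumi.Input<ApplicationAppRole>[]>;
 oauth2Permissions?: pulumi.Input<pulumi.Input<ApplicationApiOauth2PermissionScope>[]>;
 appRoleAssignmentRequired?: boolean;
 preAuthApplications?: PreAuthApplicationProps[];
 requiredResourceAccesses?: pulumi.Input<pulumi.Input<ApplicationRequiredResourceAccess>[]>;
-/**The Role Assignment of principal. If scope is not defined the default scope will be at subscription level*/
-principalRoles?: Array<{
-roleName: string;
-scope?: Input<string>;
-}>;
 optionalClaims?: pulumi.Input<ApplicationOptionalClaims>;
-vaultInfo
-}
+vaultInfo: KeyVaultInfo;
+}
 export type IdentityResult = {
 name: string;
 objectId: Output<string>;
@@ -40,12 +35,5 @@ export type IdentityResult = {
 principalSecret: Output<string> | undefined;
 resource: azureAD.Application;
 };
-declare const _default: ({ name, owners, createClientSecret, createPrincipal, replyUrls, appType, allowMultiOrg, appRoles, appRoleAssignmentRequired, requiredResourceAccesses, oauth2Permissions, publicClient,
-vaultNames: {
-clientIdKeyName: string;
-clientSecretKeyName: string;
-principalIdKeyName: string;
-principalSecretKeyName: string;
-};
-};
+declare const _default: ({ name, owners, createClientSecret, createPrincipal, replyUrls, appType, allowMultiOrg, appRoles, appRoleAssignmentRequired, requiredResourceAccesses, oauth2Permissions, publicClient, roles, envRole, optionalClaims, vaultInfo, dependsOn, }: IdentityProps) => IdentityResult;
 export default _default;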
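--- a/package/AzAd/Identity.js
+++ b/package/AzAd/Identity.js
@@ -3,16 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const azureAD = require("@pulumi/azuread");
 const pulumi = require("@pulumi/pulumi");
 const Naming_1 = require("../Common/Naming");
-const RoleAssignment_1 = require("./RoleAssignment");
-const AzureEnv_1 = require("../Common/AzureEnv");
 const CustomHelper_1 = require("../KeyVault/CustomHelper");
-
+const Helper_1 = require("./Helper");
+exports.default = ({ name, owners, createClientSecret = false, createPrincipal = false, replyUrls, appType = "spa", allowMultiOrg = false, appRoles, appRoleAssignmentRequired, requiredResourceAccesses = [], oauth2Permissions, publicClient = false, roles, envRole, optionalClaims, vaultInfo, dependsOn, }) => {
 // Azure AD Application no need suffix
 name = (0, Naming_1.getIdentityName)(name);
-const
-const clientSecretKeyName = `${name}-client-secret`;
-const principalIdKeyName = `${name}-principal-id`;
-const principalSecretKeyName = `${name}-principal-secret`;
+const secretNames = (0, Helper_1.getIdentitySecretNames)(name);
 const identifierUris = publicClient
 ? undefined
 : [`api://${name.toLowerCase()}`];
@@ -21,16 +17,16 @@ exports.default = ({ name, owners, createClientSecret = false, createPrincipal =
 description: name,
 owners,
 appRoles,
-signInAudience: allowMultiOrg ?
-groupMembershipClaims: [
+signInAudience: allowMultiOrg ? "AzureADMultipleOrgs" : "AzureADMyOrg",
+groupMembershipClaims: ["SecurityGroup"],
 identifierUris,
 publicClient: publicClient ? { redirectUris: replyUrls } : undefined,
-singlePageApplication: appType ===
+singlePageApplication: appType === "spa"
 ? {
 redirectUris: replyUrls,
 }
 : undefined,
-web: appType ===
+web: appType === "web"
 ? {
 redirectUris: replyUrls,
 implicitGrant: {
@@ -39,7 +35,7 @@ exports.default = ({ name, owners, createClientSecret = false, createPrincipal =
 },
 }
 : undefined,
-api: appType ===
+api: appType === "api"
 ? {
 oauth2PermissionScopes: oauth2Permissions,
 mappedClaimsEnabled: true,
@@ -52,29 +48,32 @@ exports.default = ({ name, owners, createClientSecret = false, createPrincipal =
 ? pulumi.output(requiredResourceAccesses).apply((r) => [...r])
 : undefined,
 optionalClaims,
+}, { dependsOn });
+(0, CustomHelper_1.addCustomSecret)({
+name: secretNames.objectIdName,
+value: app.objectId,
+vaultInfo,
+contentType: "Identity",
+});
+(0, CustomHelper_1.addCustomSecret)({
+name: secretNames.clientIdKeyName,
+value: app.clientId,
+vaultInfo,
+contentType: "Identity",
 });
-if (vaultInfo)
-(0, CustomHelper_1.addCustomSecret)({
-name: clientIdKeyName,
-value: app.clientId,
-vaultInfo,
-contentType: 'Identity',
-});
 let clientSecret = undefined;
 if (createClientSecret) {
 clientSecret = new azureAD.ApplicationPassword(name, {
 displayName: name,
 applicationId: app.id,
-endDateRelative:
-
-
-
-
-
-
-
-contentType: 'Identity',
-});
+endDateRelative: "43800h",
+}, { ignoreChanges: ["applicationId", "applicationObjectId"] }).value;
+(0, CustomHelper_1.addCustomSecret)({
+name: secretNames.clientSecretKeyName,
+value: clientSecret,
+vaultInfo,
+contentType: "Identity",
+});
 }
 let principal;
 let principalSecret = undefined;
@@ -83,36 +82,32 @@ exports.default = ({ name, owners, createClientSecret = false, createPrincipal =
 //Allow to access to application as the permission is manage by Group assignment.
 appRoleAssignmentRequired,
 clientId: app.clientId,
-}, { ignoreChanges: [
+}, { ignoreChanges: ["clientId", "applicationId"] });
 principalSecret = new azureAD.ServicePrincipalPassword(name, {
 displayName: name,
 servicePrincipalId: principal.objectId,
-endDateRelative:
+endDateRelative: "43800h",
 //value: randomPassword({ name: `${name}-principalSecret` }).result,
 }).value;
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-vaultInfo,
-contentType: 'Identity',
-});
-}
+(0, Helper_1.grantIdentityPermissions)({
+name,
+envRole,
+roles,
+vaultInfo,
+principalId: principal.objectId,
+});
+(0, CustomHelper_1.addCustomSecret)({
+name: secretNames.principalIdKeyName,
+value: principal.objectId,
+vaultInfo,
+contentType: "Identity",
+});
+(0, CustomHelper_1.addCustomSecret)({
+name: secretNames.principalSecretKeyName,
+value: principalSecret,
+vaultInfo,
+contentType: "Identity",
+});
 }
 return {
 name,
@@ -122,12 +117,6 @@ exports.default = ({ name, owners, createClientSecret = false, createPrincipal =
 principalId: principal?.objectId,
 principalSecret,
 resource: app,
-vaultNames: {
-clientIdKeyName,
-clientSecretKeyName,
-principalIdKeyName,
-principalSecretKeyName,
-},
 };
 };
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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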
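Review bot: Both `ApplicationPassword` (new line 69) and `ServicePrincipalPassword` (new line 89) are created with `endDateRelative: "43800h"`, a five-year lifetime for credentials that are then copied into Key Vault. A leaked secret stays valid for that whole period unless someone rotates it by hand. I would expose the lifetime as an option with a shorter default, e.g. `endDateRelative: secretLifetime ?? "8760h"`, and document the rotation expectation next to it. Separately, `grantIdentityPermissions` sits inside the block that the `}` at new line 111 closes, which appears to be the `createPrincipal` branch (its opening is outside the hunk). If so, `roles` and `envRole` are silently ignored when `createPrincipal` is false, and a comment or an explicit error would make that visible.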
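--- a/package/AzAd/Role.d.ts
+++ b/package/AzAd/Role.d.ts
@@ -1,8 +1,8 @@
 import { GroupPermissionProps } from "./Group";
 import { Environments } from "../Common/AzureEnv";
 import { Input } from "@pulumi/pulumi";
-interface RoleProps {
-env
+export interface RoleProps {
+env?: Environments;
 /** The country code or GLB for Global*/
 location?: string;
 appName: string;
@@ -13,6 +13,5 @@ interface RoleProps {
 permissions?: Array<GroupPermissionProps>;
 }
 export type RoleNameType = Pick<RoleProps, "env" | "location" | "appName" | "moduleName" | "roleName">;
-export declare const getRoleName: ({ env, location, appName, moduleName, roleName, }: RoleNameType) => string;
 declare const _default: ({ members, owners, permissions, ...others }: RoleProps) => import("@pulumi/pulumi").Output<import("@pulumi/azuread/group").Group>;
 export default _default;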
package/AzAd/Role.js
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.getRoleName = void 0;
|
|
4
3
|
const Group_1 = require("./Group");
|
|
4
|
+
const AzureEnv_1 = require("../Common/AzureEnv");
|
|
5
5
|
const pulumi_1 = require("@pulumi/pulumi");
|
|
6
6
|
const StackEnv_1 = require("../Common/StackEnv");
|
|
7
|
-
const getRoleName = ({ env, location, appName, moduleName, roleName, }) => {
|
|
7
|
+
const getRoleName = ({ env = AzureEnv_1.currentEnv, location, appName, moduleName, roleName, }) => {
|
|
8
8
|
const nameBuilder = [`${StackEnv_1.organization} ROL`, env];
|
|
9
9
|
if (location)
|
|
10
10
|
nameBuilder.push(location);
|
|
@@ -15,9 +15,8 @@ const getRoleName = ({ env, location, appName, moduleName, roleName, }) => {
|
|
|
15
15
|
nameBuilder.push(roleName);
|
|
16
16
|
return nameBuilder.join(" ").toUpperCase();
|
|
17
17
|
};
|
|
18
|
-
exports.getRoleName = getRoleName;
|
|
19
18
|
exports.default = ({ members, owners, permissions, ...others }) => {
|
|
20
|
-
const name =
|
|
19
|
+
const name = getRoleName(others);
|
|
21
20
|
return (0, pulumi_1.output)((0, Group_1.default)({
|
|
22
21
|
name,
|
|
23
22
|
members,
|
|
@@ -25,4 +24,4 @@ exports.default = ({ members, owners, permissions, ...others }) => {
|
|
|
25
24
|
permissions,
|
|
26
25
|
}));
|
|
27
26
|
};
|
|
28
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
27
|
+
//# sourceMappingURL=data:application/json;base64,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
|