@drunk-pulumi/azure 1.0.4 → 1.0.6
- package/Aks/Helper.d.ts +3 -5
- package/Aks/Helper.js +1 -1
- package/Aks/Identity.d.ts +2 -5
- package/Aks/Identity.js +1 -1
- package/Aks/VmSetAutoScale/index.d.ts +0 -2
- package/Aks/VmSetAutoScale/index.js +1 -1
- package/Aks/VmSetMonitor/index.d.ts +0 -2
- package/Aks/VmSetMonitor/index.js +6 -6
- package/Aks/index.d.ts +6 -14
- package/Aks/index.js +29 -38
- package/Automation/index.d.ts +2 -3
- package/Automation/index.js +6 -14
- package/AzAd/EnvRoles.Consts.d.ts +4 -3
- package/AzAd/EnvRoles.Consts.js +28 -46
- package/AzAd/EnvRoles.d.ts +5 -4
- package/AzAd/EnvRoles.js +32 -25
- package/AzAd/Group.d.ts +5 -7
- package/AzAd/Group.js +5 -14
- package/AzAd/Helper.d.ts +6 -6
- package/AzAd/Helper.js +39 -54
- package/AzAd/Identities/AzDevOpsIdentity.d.ts +2 -2
- package/AzAd/Identities/AzDevOpsIdentity.js +13 -7
- package/AzAd/Identities/AzDevOpsManagedIdentity.js +2 -7
- package/AzAd/Identities/AzUserAdRevertSync.d.ts +2 -3
- package/AzAd/Identities/AzUserAdRevertSync.js +3 -4
- package/AzAd/Identities/GlobalUserAssignedIdentity.d.ts +4 -0
- package/AzAd/Identities/GlobalUserAssignedIdentity.js +19 -0
- package/AzAd/Identities/index.d.ts +4 -3
- package/AzAd/Identities/index.js +26 -2
- package/AzAd/Identity.d.ts +4 -7
- package/AzAd/Identity.js +19 -27
- package/AzAd/RoleAssignment.d.ts +2 -2
- package/AzAd/RoleAssignment.js +3 -3
- package/AzAd/UserAssignedIdentity.d.ts +3 -3
- package/AzAd/UserAssignedIdentity.js +24 -6
- package/Builder/AksBuilder.js +3 -3
- package/Builder/ApimApiBuilder.js +3 -3
- package/Builder/ApimPolicyBuilder.js +3 -3
- package/Builder/ApimProductBuilder.js +6 -12
- package/Builder/EnvRoleBuilder.d.ts +36 -0
- package/Builder/EnvRoleBuilder.js +57 -0
- package/Builder/ResourceBuilder.js +26 -16
- package/Builder/SqlBuilder.js +7 -1
- package/Builder/VmBuilder.js +2 -5
- package/Builder/index.d.ts +15 -14
- package/Builder/index.js +4 -2
- package/Builder/types/apimPolicyBuilder.d.ts +4 -5
- package/Builder/types/apimPolicyBuilder.js +1 -1
- package/Builder/types/apimProductBuilder.d.ts +8 -10
- package/Builder/types/envRoleBuilder.d.ts +14 -0
- package/Builder/types/envRoleBuilder.js +3 -0
- package/Builder/types/genericBuilder.d.ts +15 -13
- package/Builder/types/genericBuilder.js +1 -1
- package/Builder/types/index.d.ts +15 -14
- package/Builder/types/index.js +2 -1
- package/Builder/types/resourceBuilder.d.ts +7 -6
- package/Builder/types/sqlBuilder.d.ts +2 -3
- package/Builder/types/storageBuilder.d.ts +1 -1
- package/Builder/types/vaultBuilder.d.ts +2 -2
- package/Builder/types/vmBuilder.d.ts +11 -11
- package/Builder/types/vnetBuilder.d.ts +19 -19
- package/Cdn/CdnEndpoint.d.ts +2 -2
- package/Cdn/index.d.ts +2 -2
- package/Cdn/index.js +3 -11
- package/Certificate/index.js +12 -25
- package/Common/AzureEnv.d.ts +1 -2
- package/Common/AzureEnv.js +2 -10
- package/Common/Naming/index.d.ts +1 -0
- package/Common/Naming/index.js +5 -3
- package/ContainerRegistry/Helper.d.ts +2 -3
- package/ContainerRegistry/Helper.js +2 -3
- package/ContainerRegistry/index.d.ts +2 -4
- package/ContainerRegistry/index.js +1 -50
- package/Core/Helper.d.ts +4 -2
- package/Core/Helper.js +7 -2
- package/Core/KeyGenerators.d.ts +2 -4
- package/Core/KeyGenerators.js +7 -12
- package/Core/Random.d.ts +6 -9
- package/Core/Random.js +17 -21
- package/Core/ResourceCreator.d.ts +2 -2
- package/Core/ResourceGroup.d.ts +2 -2
- package/Core/ResourceGroup.js +4 -3
- package/CosmosDb/index.d.ts +4 -9
- package/CosmosDb/index.js +4 -4
- package/IOT/Hub/index.d.ts +4 -5
- package/IOT/Hub/index.js +25 -26
- package/KeyVault/CustomHelper.d.ts +4 -9
- package/KeyVault/CustomHelper.js +3 -4
- package/KeyVault/Helper.d.ts +10 -13
- package/KeyVault/Helper.js +46 -26
- package/KeyVault/index.js +2 -1
- package/Logs/AppInsight.d.ts +2 -3
- package/Logs/AppInsight.js +1 -1
- package/Logs/Helpers.d.ts +3 -8
- package/Logs/Helpers.js +7 -9
- package/Logs/LogAnalytics.d.ts +2 -5
- package/Logs/LogAnalytics.js +13 -17
- package/Logs/index.d.ts +3 -5
- package/Logs/index.js +7 -4
- package/MySql/index.d.ts +3 -10
- package/MySql/index.js +15 -20
- package/Postgresql/index.d.ts +3 -4
- package/Postgresql/index.js +30 -24
- package/RedisCache/index.d.ts +5 -3
- package/RedisCache/index.js +18 -24
- package/ServiceBus/index.d.ts +6 -8
- package/ServiceBus/index.js +9 -15
- package/SignalR/index.d.ts +5 -3
- package/SignalR/index.js +19 -28
- package/Sql/SqlDb.d.ts +3 -3
- package/Sql/SqlDb.js +11 -2
- package/Sql/index.d.ts +5 -9
- package/Sql/index.js +41 -30
- package/Storage/ManagementRules.d.ts +6 -8
- package/Storage/ManagementRules.js +3 -3
- package/Storage/index.d.ts +3 -6
- package/Storage/index.js +24 -27
- package/VM/DiskEncryptionSet.d.ts +8 -0
- package/VM/DiskEncryptionSet.js +43 -0
- package/VM/index.d.ts +5 -11
- package/VM/index.js +24 -12
- package/VNet/Firewall.js +3 -5
- package/VNet/FirewallPolicies/AksFirewallPolicy.d.ts +2 -1
- package/VNet/FirewallPolicies/AksFirewallPolicy.js +22 -19
- package/VNet/Helper.d.ts +2 -2
- package/VNet/Helper.js +6 -3
- package/VNet/IpAddressPrefix.d.ts +5 -7
- package/VNet/IpAddressPrefix.js +5 -5
- package/VNet/PrivateEndpoint.d.ts +2 -2
- package/VNet/PrivateEndpoint.js +2 -3
- package/VNet/RouteTable.d.ts +4 -4
- package/VNet/RouteTable.js +4 -4
- package/VNet/Vnet.js +5 -1
- package/VNet/index.d.ts +3 -5
- package/VNet/index.js +1 -1
- package/VNet/types.d.ts +3 -4
- package/Web/AppCertOrder.d.ts +2 -3
- package/Web/AppCertOrder.js +1 -1
- package/Web/AppConfig.d.ts +2 -5
- package/Web/AppConfig.js +3 -4
- package/package.json +5 -5
- package/types.d.ts +42 -28
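--- a/package/AzAd/EnvRoles.Consts.js
+++ b/package/AzAd/EnvRoles.Consts.js
@@ -2,7 +2,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.grantEnvRolesAccess = exports.getRoleNames = void 0;
 const RoleAssignment_1 = require("./RoleAssignment");
-const Common_1 = require("../Common");
 //Resource Group Role
 const RGRoleNames = {
 readOnly: ['Reader'],
@@ -78,9 +77,10 @@ const StorageRoleNames = {
 //Container Registry Roles
 const ContainerRegistry = {
 readOnly: [
-'ACR Registry Catalog Lister',
+//'ACR Registry Catalog Lister',
 'ACR Repository Reader',
 'AcrQuarantineReader',
+//'AcrPull',
 ],
 contributor: [
 'AcrImageSigner',
@@ -92,6 +92,12 @@ const ContainerRegistry = {
 ],
 admin: ['AcrDelete'],
 };
+//AppConfig Roles
+const AppConfigRoleNames = {
+readOnly: ['App Configuration Data Reader'],
+contributor: ['App Configuration Data Owner'],
+admin: [],
+};
 const getRoleFor = (roleType, roleCollection, results) => {
 if (!roleType)
 return results;
@@ -111,7 +117,7 @@ const getRoleFor = (roleType, roleCollection, results) => {
 }
 return results;
 };
-const getRoleNames = ({ enableRGRoles, enableIotRoles, enableVaultRoles, enableAksRoles, enableStorageRoles, enableACRRoles, }) => {
+const getRoleNames = ({ enableRGRoles, enableIotRoles, enableVaultRoles, enableAksRoles, enableStorageRoles, enableACRRoles, enableAppConfig, }) => {
 const rs = {
 readOnly: new Set(),
 admin: new Set(),
@@ -123,6 +129,7 @@ const getRoleNames = ({ enableRGRoles, enableIotRoles, enableVaultRoles, enableA
 getRoleFor(enableAksRoles, AksRoleNames, rs);
 getRoleFor(enableStorageRoles, StorageRoleNames, rs);
 getRoleFor(enableACRRoles, ContainerRegistry, rs);
+getRoleFor(enableAppConfig, AppConfigRoleNames, rs);
 return {
 readOnly: Array.from(rs.readOnly).sort(),
 admin: Array.from(rs.admin).sort(),
@@ -132,48 +139,23 @@ const getRoleNames = ({ enableRGRoles, enableIotRoles, enableVaultRoles, enableA
 exports.getRoleNames = getRoleNames;
 const grantEnvRolesAccess = ({ name, envRoles, scope, dependsOn, ...others }) => {
 const roles = (0, exports.getRoleNames)(others);
-
-
-
-
-(
-
-
-
-
-
-
-
-
-
-
-
-
-const n = `${name}-contributor-${(0, Common_1.replaceAll)(r, ' ', '')}`;
-(0, RoleAssignment_1.roleAssignment)({
-name: n,
-principalId: envRoles.contributor.objectId,
-principalType: 'Group',
-roleName: r,
-scope,
-dependsOn,
-});
-});
-}
-if (envRoles.admin.objectId) {
-//Admin
-roles.admin.forEach((r) => {
-const n = `${name}-admin-${(0, Common_1.replaceAll)(r, ' ', '')}`;
-(0, RoleAssignment_1.roleAssignment)({
-name: n,
-principalId: envRoles.admin.objectId,
-principalType: 'Group',
-roleName: r,
-scope,
-dependsOn,
-});
-});
-}
+Object.keys(envRoles).forEach((k) => {
+const type = k;
+const objectId = envRoles[type].objectId;
+if (!objectId) {
+console.warn(`The Env role '${type}' was ignored as the objectId was NULL.`);
+return;
+}
+const n = `${name}-${type}`;
+roles[type].forEach((r) => (0, RoleAssignment_1.roleAssignment)({
+name: n,
+roleName: r,
+principalId: objectId,
+principalType: 'Group',
+scope,
+dependsOn,
+}));
+});
 };
 exports.grantEnvRolesAccess = grantEnvRolesAccess;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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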
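Review bot: The new loop in `grantEnvRolesAccess` takes its role types from the caller's object (`Object.keys(envRoles)`), so a key that carries an `objectId` but has no entry in `roles` reaches `roles[type].forEach` with `roles[type]` undefined and throws, and the non-role `pushToVault` member that this release adds to `CreateEnvRolesType` would trigger the "was ignored" warning if such an object is passed in. Driving the loop from the role table instead, `Object.keys(roles).forEach((k) => {` with `const objectId = envRoles[type]?.objectId;`, keeps the set of assignments bounded by what `getRoleNames` returned. The `!objectId` guard only works for plain values: where an entry is a Pulumi `Output` (which the new `EnvRolesInfo` type allows), `.objectId` is itself an `Output` and always truthy. Every role of one type now also shares the single name `${name}-${type}`, whereas the removed code appended the role name; unless `roleAssignment` (not shown in this section) derives a unique resource name from `roleName`, these assignments will collide.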
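--- a/package/AzAd/EnvRoles.d.ts
+++ b/package/AzAd/EnvRoles.d.ts
@@ -5,10 +5,11 @@ type EnvRoleInfoType = {
 objectId: string;
 displayName: string;
 };
-export type
-export type CreateEnvRolesType =
-
+export type EnvRolesInfo = Record<EnvRoleKeyTypes, Output<EnvRoleInfoType> | EnvRoleInfoType>;
+export type CreateEnvRolesType = EnvRolesInfo & {
+pushToVault: (vaultInfo: KeyVaultInfo) => void;
 };
+export declare const pushEnvRolesToVault: (envRoles: EnvRolesInfo, vaultInfo: KeyVaultInfo) => void;
 export declare const createEnvRoles: () => CreateEnvRolesType;
 /** Get Single Env Role Object */
 export declare const getEnvRole: (name: string, vaultInfo: KeyVaultInfo) => Promise<{
@@ -16,5 +17,5 @@ export declare const getEnvRole: (name: string, vaultInfo: KeyVaultInfo) => Prom
 objectId: string;
 }>;
 /** Get All Env Role Objects */
-export declare const getEnvRolesOutput: (vaultInfo: KeyVaultInfo) =>
+export declare const getEnvRolesOutput: (vaultInfo: KeyVaultInfo) => EnvRolesInfo;
 export {};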
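--- a/package/AzAd/EnvRoles.js
+++ b/package/AzAd/EnvRoles.js
@@ -3,7 +3,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getEnvRolesOutput = exports.getEnvRole = exports.createEnvRoles = void 0;
+exports.getEnvRolesOutput = exports.getEnvRole = exports.createEnvRoles = exports.pushEnvRolesToVault = void 0;
+const EnvRoles_Consts_1 = require("./EnvRoles.Consts");
 const Role_1 = __importDefault(require("./Role"));
 const pulumi_1 = require("@pulumi/pulumi");
 const Common_1 = require("../Common");
@@ -27,45 +28,51 @@ const getRoleSecretName = (name) => ({
 objectIdName: (0, Common_1.getSecretName)(`envRoles-${name}-object-id`),
 displayName: (0, Common_1.getSecretName)(`envRoles-${name}-display-name`),
 });
+const pushEnvRolesToVault = (envRoles, vaultInfo) => {
+Object.keys(envRoleConfig).forEach((key) => {
+const role = envRoles[key];
+//Add to Key Vault
+const secretNames = getRoleSecretName(key);
+(0, CustomHelper_1.addCustomSecrets)({
+vaultInfo,
+contentType: 'Env Roles',
+items: [
+{ name: secretNames.objectIdName, value: role.objectId },
+{ name: secretNames.displayName, value: role.displayName },
+],
+});
+});
+};
+exports.pushEnvRolesToVault = pushEnvRolesToVault;
 const createEnvRoles = () => {
 const groups = {};
 Object.keys(envRoleConfig).forEach((key) => {
-const
+const k = key;
+const config = envRoleConfig[k];
 const g = (0, Role_1.default)(config);
-groups[
+groups[k] = (0, pulumi_1.output)([g.objectId, g.displayName]).apply(([i, d]) => ({
 objectId: i,
 displayName: d,
 }));
 });
-const
-
-
-
-
-
-
-
-
-vaultInfo,
-});
-(0, CustomHelper_1.addCustomSecret)({
-name: secretNames.displayName,
-value: role.displayName,
-contentType: secretNames.displayName,
-vaultInfo,
-});
-});
-};
+const pushToVault = (vaultInfo) => (0, exports.pushEnvRolesToVault)(groups, vaultInfo);
+//Allows Some Subscription level access
+//1. Allows to AcrPull
+(0, EnvRoles_Consts_1.grantEnvRolesAccess)({
+envRoles: groups,
+name: 'envRoles-SubScope-Access',
+scope: Common_1.defaultSubScope,
+enableACRRoles: { contributor: true },
+});
 return {
 ...groups,
-
+pushToVault,
 };
 };
 exports.createEnvRoles = createEnvRoles;
 /** Get Single Env Role Object */
 const getEnvRole = async (name, vaultInfo) => {
 const secretNames = getRoleSecretName(name);
-//console.log(`getEnvRole:`, secretNames);
 const [objectId, displayName] = await Promise.all([
 (0, Helper_1.getSecret)({ name: secretNames.objectIdName, vaultInfo }),
 (0, Helper_1.getSecret)({ name: secretNames.displayName, vaultInfo }),
@@ -85,4 +92,4 @@ const getEnvRolesOutput = (vaultInfo) => {
 return rs;
 };
 exports.getEnvRolesOutput = getEnvRolesOutput;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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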
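Review bot: `createEnvRoles` now makes a subscription-scope grant as a side effect: the added `grantEnvRolesAccess({ ..., scope: Common_1.defaultSubScope, enableACRRoles: { contributor: true } })` runs for every caller and cannot be switched off. The comment above it, `//1. Allows to AcrPull`, does not match the flag, which appears to select the `contributor` entry of the container-registry role table (that list begins with `AcrImageSigner` in `EnvRoles.Consts.js`, where `AcrPull` is commented out). If pull access is the intent, the grant should name that role; either way the comment should state which roles are assigned and at what scope, for example `// Grants the ACR contributor role set to the env-role groups at subscription scope`. In `pushEnvRolesToVault`, `envRoles[key]` is dereferenced for every key of `envRoleConfig` without a check, so a partial `envRoles` argument throws on `role.objectId`.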
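--- a/package/AzAd/Group.d.ts
+++ b/package/AzAd/Group.d.ts
@@ -1,13 +1,13 @@
 import * as azuread from '@pulumi/azuread';
 import { Input, Output } from '@pulumi/pulumi';
+import { NamedType } from '../types';
 export interface GroupPermissionProps {
 /** The name of the roles would like to assign to this group*/
 roleName: string;
 /**The scopes pf role if not provided the scope will be subscription level*/
 scope?: Input<string>;
 }
-interface AdGroupProps {
-name: string;
+interface AdGroupProps extends NamedType {
 members?: Input<string>[];
 owners?: Input<Input<string>[]>;
 permissions?: Array<GroupPermissionProps>;
@@ -15,12 +15,10 @@ interface AdGroupProps {
 declare const _default: ({ name, permissions, members, owners }: AdGroupProps) => Promise<import("@pulumi/azuread/group").Group>;
 export default _default;
 export declare const getAdGroup: (displayName: string) => Output<import("@pulumi/pulumi").UnwrappedObject<azuread.GetGroupResult>>;
-export declare const addMemberToGroup: ({ name,
-
-userName?: string;
-objectId?: Input<string>;
+export declare const addMemberToGroup: ({ name, objectId, groupObjectId, }: NamedType & {
+objectId: Input<string>;
 groupObjectId: Input<string>;
-}) => import("@pulumi/azuread/groupMember").GroupMember
+}) => Output<import("@pulumi/azuread/groupMember").GroupMember>;
 export declare const addGroupToGroup: (groupMemberName: string, groupObjectId: Output<string>) => Output<import("@pulumi/azuread/groupMember").GroupMember>;
 export declare const assignRolesToGroup: ({ roles, groupName, scope, }: {
 groupName: string;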
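--- a/package/AzAd/Group.js
+++ b/package/AzAd/Group.js
@@ -65,19 +65,10 @@ const getAdGroup = (displayName) => {
 return (0, pulumi_1.output)(azuread.getGroup({ displayName }));
 };
 exports.getAdGroup = getAdGroup;
-const addMemberToGroup = ({ name,
-
-
-
-throw new Error('Either UserName or ObjectId must be defined.');
-const user = userName
-? (0, pulumi_1.output)(azuread.getUser({ userPrincipalName: userName }))
-: { objectId: objectId };
-return new azuread.GroupMember(name, {
-groupObjectId,
-memberObjectId: user.objectId,
-});
-};
+const addMemberToGroup = ({ name, objectId, groupObjectId, }) => (0, pulumi_1.output)([objectId, groupObjectId]).apply(([oId, gId]) => new azuread.GroupMember(`${name}-${gId}-${oId}`, {
+groupObjectId,
+memberObjectId: objectId,
+}));
 exports.addMemberToGroup = addMemberToGroup;
 const addGroupToGroup = (groupMemberName, groupObjectId) => {
 const group = (0, exports.getAdGroup)(groupMemberName);
@@ -98,4 +89,4 @@ const assignRolesToGroup = ({ roles, groupName, scope, }) => (0, pulumi_1.output
 })));
 });
 exports.assignRolesToGroup = assignRolesToGroup;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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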
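Review bot: `addMemberToGroup` now constructs `azuread.GroupMember` inside `.apply()`, so whenever `objectId` or `groupObjectId` is not yet known the membership is missing from `pulumi preview` and only appears during the update; for a change that decides who belongs to a directory group, that hides the effect from whoever reviews the plan. The apply is there only to build the resource name `${name}-${gId}-${oId}`; requiring a caller-supplied unique name and creating the resource directly, `new azuread.GroupMember(name, { groupObjectId, memberObjectId: objectId })`, keeps it in the preview. The return type also changes from `GroupMember` to `Output<GroupMember>` and the `userName` lookup is removed, which existing callers will notice in a patch-level release.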
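--- a/package/AzAd/Helper.d.ts
+++ b/package/AzAd/Helper.d.ts
@@ -1,7 +1,6 @@
-import { IdentityRoleAssignment, KeyVaultInfo } from
-import { Input } from
-interface Props {
-name: string;
+import { IdentityInfo, IdentityRoleAssignment, KeyVaultInfo, NamedType } from '../types';
+import { Input } from '@pulumi/pulumi';
+interface Props extends NamedType {
 includePrincipal?: boolean;
 vaultInfo: KeyVaultInfo;
 }
@@ -22,8 +21,9 @@ export declare const getIdentitySecretNames: (name: string) => {
 };
 export declare const getIdentityInfo: ({ name, vaultInfo, includePrincipal, }: Props) => Promise<IdentityInfoResults>;
 export declare const getIdentityInfoOutput: (props: Props) => import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<IdentityInfoResults>>;
-export declare const grantIdentityPermissions: ({ name, principalId, vaultInfo,
-name: string;
+export declare const grantIdentityPermissions: ({ name, principalId, vaultInfo, role, }: IdentityRoleAssignment & NamedType & {
 principalId: Input<string>;
 }) => void;
+export declare const getUserAssignedIdentityInfo: (name: string, vaultInfo: KeyVaultInfo) => Promise<IdentityInfo>;
+export declare const getUserAssignedIdentityInfoOutput: (name: string, vaultInfo: KeyVaultInfo) => import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<IdentityInfo>>;
 export {};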
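--- a/package/AzAd/Helper.js
+++ b/package/AzAd/Helper.js
@@ -1,22 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.grantIdentityPermissions = exports.getIdentityInfoOutput = exports.getIdentityInfo = exports.getIdentitySecretNames = void 0;
-const
+exports.getUserAssignedIdentityInfoOutput = exports.getUserAssignedIdentityInfo = exports.grantIdentityPermissions = exports.getIdentityInfoOutput = exports.getIdentityInfo = exports.getIdentitySecretNames = void 0;
+const Common_1 = require("../Common");
 const Helper_1 = require("../KeyVault/Helper");
 const pulumi_1 = require("@pulumi/pulumi");
 const EnvRoles_1 = require("./EnvRoles");
 const RoleAssignment_1 = require("./RoleAssignment");
 const Group_1 = require("./Group");
 const getIdentitySecretNames = (name) => ({
-objectIdName: (0,
-clientIdKeyName: (0,
-clientSecretKeyName: (0,
-principalIdKeyName: (0,
-principalSecretKeyName: (0,
+objectIdName: (0, Common_1.getSecretName)(`${name}-object-id`),
+clientIdKeyName: (0, Common_1.getSecretName)(`${name}-client-id`),
+clientSecretKeyName: (0, Common_1.getSecretName)(`${name}-client-secret`),
+principalIdKeyName: (0, Common_1.getSecretName)(`${name}-principal-id`),
+principalSecretKeyName: (0, Common_1.getSecretName)(`${name}-principal-secret`),
 });
 exports.getIdentitySecretNames = getIdentitySecretNames;
 const getIdentityInfo = async ({ name, vaultInfo, includePrincipal, }) => {
-name = (0,
+name = (0, Common_1.getIdentityName)(name);
 const secretNames = (0, exports.getIdentitySecretNames)(name);
 const [objectId, clientId, clientSecret] = await Promise.all([
 (0, Helper_1.getSecret)({ name: secretNames.objectIdName, vaultInfo }),
@@ -40,49 +40,11 @@ const getIdentityInfo = async ({ name, vaultInfo, includePrincipal, }) => {
 exports.getIdentityInfo = getIdentityInfo;
 const getIdentityInfoOutput = (props) => (0, pulumi_1.output)((0, exports.getIdentityInfo)(props));
 exports.getIdentityInfoOutput = getIdentityInfoOutput;
-// export const grantIdentityRolesAccess = ({
-// name,
-// principalId,
-// scope,
-// roleType,
-// additionRoles,
-// dependsOn,
-// ...others
-// }: RoleEnableTypes & {
-// name: string;
-// principalId: Input<string>;
-// scope: Input<string>;
-// roleType: EnvRoleKeyTypes;
-// additionRoles?: string[];
-// dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
-// }) => {
-// const roles = getRoleNames(others);
-// const finalRoles = new Set(additionRoles);
-//
-// if (roleType === "readOnly") roles.readOnly.forEach((r) => finalRoles.add(r));
-// if (roleType === "contributor")
-// roles.contributor.forEach((r) => finalRoles.add(r));
-// if (roleType === "admin") roles.admin.forEach((r) => finalRoles.add(r));
-//
-// Array.from(finalRoles)
-// .sort()
-// .forEach((r) => {
-// const n = `${name}-${roleType}-${replaceAll(r, " ", "")}`;
-// roleAssignment({
-// name: n,
-// principalId,
-// principalType: "ServicePrincipal",
-// roleName: r,
-// scope,
-// dependsOn,
-// });
-// });
-// };
 const grantIdentityToResourceRoles = ({ name, roles, principalId, }) => roles.map((r) => (0, RoleAssignment_1.roleAssignment)({
 name,
 roleName: r.name,
 principalId: principalId,
-principalType:
+principalType: 'ServicePrincipal',
 scope: r.scope,
 }));
 const grantIdentityEnvRolesGroup = ({ name, roleType, vaultInfo, principalId, }) => {
@@ -97,18 +59,41 @@ const grantIdentityEnvRolesGroup = ({ name, roleType, vaultInfo, principalId, })
 });
 });
 };
-const grantIdentityPermissions = ({ name, principalId, vaultInfo,
-if (roles) {
-
-}
-if (
+const grantIdentityPermissions = ({ name, principalId, vaultInfo, role, }) => {
+// if (roles) {
+// grantIdentityToResourceRoles({ name, roles, principalId });
+// }
+if (role && vaultInfo) {
 grantIdentityEnvRolesGroup({
 name,
-roleType:
+roleType: role,
 principalId,
 vaultInfo,
 });
 }
 };
 exports.grantIdentityPermissions = grantIdentityPermissions;
-
+const getUserAssignedIdentityInfo = async (name, vaultInfo) => {
+name = (0, Common_1.getManagedIdentityName)(name);
+const id = await (0, Helper_1.getSecret)({
+name: `${name}-id`,
+vaultInfo,
+nameFormatted: true,
+});
+const principalId = await (0, Helper_1.getSecret)({
+name: `${name}-principalId`,
+vaultInfo,
+nameFormatted: true,
+});
+const info = (0, Common_1.parseResourceInfoFromId)(id.value);
+return {
+name: info.name,
+group: info.group,
+id: info.id,
+principalId: principalId.value,
+};
+};
+exports.getUserAssignedIdentityInfo = getUserAssignedIdentityInfo;
+const getUserAssignedIdentityInfoOutput = (name, vaultInfo) => (0, pulumi_1.output)((0, exports.getUserAssignedIdentityInfo)(name, vaultInfo));
+exports.getUserAssignedIdentityInfoOutput = getUserAssignedIdentityInfoOutput;
+//# sourceMappingURL=data:application/json;base64,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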
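Review bot: `getUserAssignedIdentityInfo` dereferences `id.value` and `principalId.value` without checking that either secret was found, so a missing or misnamed vault entry would surface as a TypeError around `parseResourceInfoFromId` rather than a message naming the secret (this assumes `getSecret` can return an empty result, which this section does not show). A guard before the parse, such as `if (!id?.value || !principalId?.value) throw new Error('Identity secrets for ' + name + ' were not found in the vault.');`, makes the failure explicit. The two lookups are independent and could be awaited together with `Promise.all`, as `getIdentityInfo` does further up. Separately, `grantIdentityPermissions` now ignores `roles` and returns silently when `role` or `vaultInfo` is absent, which leaves `grantIdentityToResourceRoles` without a caller as far as these hunks show; a comment stating that direct role lists are no longer honoured would spare callers a silent loss of access.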
|
@@ -3,10 +3,10 @@ export declare const defaultAzAdoName = "azure-devops";
|
|
|
3
3
|
interface Props {
|
|
4
4
|
name?: string;
|
|
5
5
|
vaultInfo: KeyVaultInfo;
|
|
6
|
-
|
|
6
|
+
isSubOwner?: boolean;
|
|
7
7
|
}
|
|
8
8
|
/** Get Global ADO Identity */
|
|
9
9
|
export declare const getAdoIdentityInfo: (vaultInfo: KeyVaultInfo) => import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<import("../Helper").IdentityInfoResults>>;
|
|
10
10
|
/** Create Global ADO Identity */
|
|
11
|
-
declare const _default: ({ name, vaultInfo,
|
|
11
|
+
declare const _default: ({ name, vaultInfo, isSubOwner, ...others }: Props) => import("../Identity").IdentityResult;
|
|
12
12
|
export default _default;
|
|
@@ -4,10 +4,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.getAdoIdentityInfo = exports.defaultAzAdoName = void 0;
|
|
7
|
+
const Common_1 = require("../../Common");
|
|
7
8
|
const Identity_1 = __importDefault(require("../Identity"));
|
|
8
9
|
const GraphDefinition_1 = require("../GraphDefinition");
|
|
9
10
|
const Helper_1 = require("../Helper");
|
|
10
|
-
const
|
|
11
|
+
const RoleAssignment_1 = require("../RoleAssignment");
|
|
11
12
|
exports.defaultAzAdoName = 'azure-devops';
|
|
12
13
|
/** Get Global ADO Identity */
|
|
13
14
|
const getAdoIdentityInfo = (vaultInfo) => (0, Helper_1.getIdentityInfoOutput)({
|
|
@@ -17,7 +18,8 @@ const getAdoIdentityInfo = (vaultInfo) => (0, Helper_1.getIdentityInfoOutput)({
|
|
|
17
18
|
});
|
|
18
19
|
exports.getAdoIdentityInfo = getAdoIdentityInfo;
|
|
19
20
|
/** Create Global ADO Identity */
|
|
20
|
-
exports.default = ({ name = exports.defaultAzAdoName, vaultInfo,
|
|
21
|
+
exports.default = ({ name = exports.defaultAzAdoName, vaultInfo, isSubOwner, ...others }) => {
|
|
22
|
+
const roleName = isSubOwner ? 'Owner' : 'Contributor';
|
|
21
23
|
const graphAccess = (0, GraphDefinition_1.getGraphPermissions)({ name: 'User.Read', type: 'Scope' });
|
|
22
24
|
const ado = (0, Identity_1.default)({
|
|
23
25
|
name,
|
|
@@ -25,14 +27,18 @@ exports.default = ({ name = exports.defaultAzAdoName, vaultInfo, additionRoles =
|
|
|
25
27
|
createClientSecret: true,
|
|
26
28
|
createPrincipal: true,
|
|
27
29
|
requiredResourceAccesses: [graphAccess],
|
|
28
|
-
roles: additionRoles.map((role) => ({
|
|
29
|
-
name: role,
|
|
30
|
-
scope: AzureEnv_1.defaultSubScope,
|
|
31
|
-
})),
|
|
32
30
|
vaultInfo,
|
|
33
31
|
...others,
|
|
34
32
|
});
|
|
33
|
+
(0, RoleAssignment_1.roleAssignment)({
|
|
34
|
+
name,
|
|
35
|
+
scope: Common_1.defaultSubScope,
|
|
36
|
+
dependsOn: ado.resource,
|
|
37
|
+
principalId: ado.principalId,
|
|
38
|
+
principalType: 'ServicePrincipal',
|
|
39
|
+
roleName,
|
|
40
|
+
});
|
|
35
41
|
console.log(`Add this principal ${name} to [User administrator, Application administrator, Cloud application administrator and Global Reader] of Azure AD to allow to Add/Update and Delete Groups, Users`);
|
|
36
42
|
return ado;
|
|
37
43
|
};
|
|
38
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
44
|
+
//# sourceMappingURL=data:application/json;base64,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
|
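Review bot: The added `roleAssignment` call gives the Azure DevOps service principal a subscription-wide role on every invocation: `const roleName = isSubOwner ? 'Owner' : 'Contributor';` leaves no way to create the identity without one, and the same principal is created with `createClientSecret: true`. The removed code only mapped the caller's `additionRoles` (its default is cut off in the hunk header), so callers upgrading may end up with a broader standing grant than before; this should be confirmed against the old default. The assignment would be safer as an explicit opt-in or with a caller-supplied scope, and `isSubOwner` deserves a doc comment in `Props`, along the lines of `/** When true the principal is assigned Owner on the subscription; otherwise Contributor. */`. The assignment also reuses `name` for both role values, so whether flipping `isSubOwner` replaces or duplicates the existing assignment depends on `roleAssignment`, which is not shown here.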
|
@@ -5,16 +5,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
const UserAssignedIdentity_1 = __importDefault(require("../UserAssignedIdentity"));
|
|
7
7
|
const AzDevOpsIdentity_1 = require("./AzDevOpsIdentity");
|
|
8
|
-
const AzureEnv_1 = require("../../Common/AzureEnv");
|
|
9
8
|
exports.default = ({ name = AzDevOpsIdentity_1.defaultAzAdoName, ...others }) => {
|
|
10
|
-
const additionRoles = ['Owner'];
|
|
11
9
|
return (0, UserAssignedIdentity_1.default)({
|
|
12
10
|
name,
|
|
13
|
-
|
|
14
|
-
name: role,
|
|
15
|
-
scope: AzureEnv_1.defaultSubScope,
|
|
16
|
-
})),
|
|
11
|
+
role: 'admin',
|
|
17
12
|
...others,
|
|
18
13
|
});
|
|
19
14
|
};
|
|
20
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
15
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXpEZXZPcHNNYW5hZ2VkSWRlbnRpdHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvQXpBZC9JZGVudGl0aWVzL0F6RGV2T3BzTWFuYWdlZElkZW50aXR5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQ0EsbUZBQTJEO0FBQzNELHlEQUFzRDtBQU10RCxrQkFBZSxDQUFDLEVBQUUsSUFBSSxHQUFHLG1DQUFnQixFQUFFLEdBQUcsTUFBTSxFQUFTLEVBQUUsRUFBRTtJQUMvRCxPQUFPLElBQUEsOEJBQW9CLEVBQUM7UUFDMUIsSUFBSTtRQUNKLElBQUksRUFBRSxPQUFPO1FBQ2IsR0FBRyxNQUFNO0tBQ1YsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDIn0=
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
import { KeyVaultInfo } from
|
|
2
|
-
interface Props {
|
|
3
|
-
name: string;
|
|
1
|
+
import { KeyVaultInfo, NamedType } from '../../types';
|
|
2
|
+
interface Props extends NamedType {
|
|
4
3
|
vaultInfo: KeyVaultInfo;
|
|
5
4
|
}
|
|
6
5
|
declare const _default: ({ name, ...others }: Props) => import("../Identity").IdentityResult;
|