@drunk-pulumi/azure 1.0.6 → 1.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Aks/Helper.d.ts +3 -3
- package/Aks/Helper.js +2 -3
- package/Aks/Identity.js +17 -17
- package/Aks/index.d.ts +13 -15
- package/Aks/index.js +63 -64
- package/Automation/index.d.ts +4 -4
- package/Automation/index.js +13 -9
- package/AzAd/EnvRoles.d.ts +0 -5
- package/AzAd/EnvRoles.js +3 -4
- package/AzAd/Group.d.ts +4 -4
- package/AzAd/Group.js +14 -5
- package/AzAd/Helper.d.ts +3 -8
- package/AzAd/Helper.js +67 -51
- package/AzAd/Identities/AzDevOpsManagedIdentity.d.ts +3 -3
- package/AzAd/Identities/AzDevOpsManagedIdentity.js +4 -4
- package/AzAd/Identities/AzUserAdRevertSync.d.ts +2 -2
- package/AzAd/Identities/EnvUID.d.ts +4 -0
- package/AzAd/Identities/EnvUID.js +21 -0
- package/AzAd/Identities/index.d.ts +1 -1
- package/AzAd/Identities/index.js +3 -3
- package/AzAd/Identity.d.ts +2 -2
- package/AzAd/Identity.js +3 -8
- package/AzAd/RoleAssignment.d.ts +2 -2
- package/AzAd/UserAssignedIdentity.d.ts +4 -3
- package/AzAd/UserAssignedIdentity.js +10 -13
- package/Builder/AksBuilder.d.ts +2 -2
- package/Builder/AksBuilder.js +14 -7
- package/Builder/ApimBuilder.js +8 -10
- package/Builder/CdnBuilder.d.ts +2 -2
- package/Builder/CdnBuilder.js +1 -1
- package/Builder/PrivateDnsZoneBuilder.js +4 -5
- package/Builder/ResourceBuilder.d.ts +2 -2
- package/Builder/ResourceBuilder.js +42 -5
- package/Builder/SqlBuilder.d.ts +2 -2
- package/Builder/SqlBuilder.js +9 -10
- package/Builder/VaultBuilder.d.ts +2 -3
- package/Builder/VaultBuilder.js +16 -15
- package/Builder/VmBuilder.d.ts +2 -2
- package/Builder/VmBuilder.js +12 -3
- package/Builder/VnetBuilder.d.ts +2 -2
- package/Builder/VnetBuilder.js +100 -53
- package/Builder/types/apimBuilder.d.ts +8 -9
- package/Builder/types/apimPolicyBuilder.d.ts +3 -3
- package/Builder/types/apimProductBuilder.d.ts +2 -2
- package/Builder/types/askBuilder.d.ts +8 -3
- package/Builder/types/envRoleBuilder.d.ts +2 -2
- package/Builder/types/genericBuilder.d.ts +2 -8
- package/Builder/types/genericBuilder.js +1 -1
- package/Builder/types/resourceBuilder.d.ts +12 -6
- package/Builder/types/sqlBuilder.d.ts +4 -5
- package/Builder/types/vaultBuilder.d.ts +4 -3
- package/Builder/types/vmBuilder.d.ts +6 -2
- package/Builder/types/vnetBuilder.d.ts +13 -12
- package/Cdn/CdnEndpoint.d.ts +1 -1
- package/Cdn/CdnEndpoint.js +2 -3
- package/Common/AzureEnv.d.ts +0 -7
- package/Common/AzureEnv.js +2 -44
- package/Common/GlobalEnv.d.ts +1 -3
- package/Common/GlobalEnv.js +19 -21
- package/Common/Helpers.d.ts +0 -1
- package/Common/Helpers.js +29 -29
- package/Common/Naming.d.ts +68 -0
- package/Common/Naming.js +189 -0
- package/Common/RsInfo/Helper.d.ts +4 -0
- package/Common/RsInfo/Helper.js +46 -0
- package/Common/RsInfo/index.d.ts +31 -0
- package/Common/RsInfo/index.js +245 -0
- package/Common/index.d.ts +3 -0
- package/Common/index.js +5 -2
- package/ContainerRegistry/Helper.d.ts +2 -9
- package/ContainerRegistry/Helper.js +36 -31
- package/Core/KeyGenerators.js +2 -2
- package/Core/Locker.d.ts +6 -4
- package/Core/Locker.js +23 -2
- package/Core/Random.d.ts +2 -2
- package/Core/Random.js +2 -1
- package/Core/ResourceCreator.js +3 -6
- package/CosmosDb/index.d.ts +3 -3
- package/CosmosDb/index.js +14 -14
- package/IOT/Hub/index.js +2 -1
- package/KeyVault/CustomHelper.d.ts +4 -3
- package/KeyVault/CustomHelper.js +3 -2
- package/KeyVault/Helper.d.ts +5 -1
- package/KeyVault/Helper.js +13 -2
- package/KeyVault/index.d.ts +1 -6
- package/KeyVault/index.js +19 -14
- package/Logs/AppInsight.js +3 -1
- package/Logs/Helpers.d.ts +5 -54
- package/Logs/Helpers.js +41 -64
- package/Logs/LogAnalytics.d.ts +5 -11
- package/Logs/LogAnalytics.js +11 -11
- package/Logs/WebTest.d.ts +2 -2
- package/Logs/WebTest.js +13 -13
- package/Logs/index.d.ts +7 -22
- package/Logs/index.js +33 -52
- package/Postgresql/index.js +3 -3
- package/ServiceBus/index.d.ts +4 -5
- package/ServiceBus/index.js +10 -8
- package/Sql/Helper.js +4 -4
- package/Sql/SqlDb.js +3 -6
- package/Sql/index.d.ts +2 -5
- package/Sql/index.js +12 -21
- package/Storage/Helper.d.ts +2 -28
- package/Storage/Helper.js +58 -77
- package/Storage/index.d.ts +2 -2
- package/Storage/index.js +7 -6
- package/VM/DiskEncryptionSet.d.ts +4 -6
- package/VM/DiskEncryptionSet.js +18 -6
- package/VM/index.d.ts +3 -3
- package/VM/index.js +37 -13
- package/VNet/Firewall.d.ts +8 -6
- package/VNet/Firewall.js +25 -28
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.js +2 -2
- package/VNet/Helper.d.ts +3 -20
- package/VNet/Helper.js +6 -49
- package/VNet/IpAddress.js +3 -6
- package/VNet/IpAddressPrefix.d.ts +2 -2
- package/VNet/IpAddressPrefix.js +3 -3
- package/VNet/NSGRules/BlockInternetSecurityRule.d.ts +3 -0
- package/VNet/NSGRules/BlockInternetSecurityRule.js +34 -0
- package/VNet/NSGRules/index.d.ts +5 -4
- package/VNet/NSGRules/index.js +4 -2
- package/VNet/NetworkPeering.d.ts +18 -6
- package/VNet/NetworkPeering.js +43 -27
- package/VNet/PrivateEndpoint.js +2 -2
- package/VNet/RuoteRules/RuoteTo.d.ts +4 -0
- package/VNet/RuoteRules/RuoteTo.js +4 -0
- package/VNet/VirtualWAN.js +2 -2
- package/VNet/types.d.ts +3 -8
- package/Web/AppConfig.js +2 -1
- package/package.json +4 -5
- package/types.d.ts +85 -30
- package/Aks/VmSetAutoScale/index.d.ts +0 -14
- package/Aks/VmSetAutoScale/index.js +0 -155
- package/Aks/VmSetMonitor/index.d.ts +0 -10
- package/Aks/VmSetMonitor/index.js +0 -90
- package/Apim/Helpers.d.ts +0 -2
- package/Apim/Helpers.js +0 -18
- package/AzAd/Identities/GlobalUserAssignedIdentity.d.ts +0 -4
- package/AzAd/Identities/GlobalUserAssignedIdentity.js +0 -19
- package/Common/Naming/index.d.ts +0 -67
- package/Common/Naming/index.js +0 -161
- package/Core/Helper.d.ts +0 -18
- package/Core/Helper.js +0 -42
- package/VNet/index.d.ts +0 -65
- package/VNet/index.js +0 -220
- package/Web/Helpers.d.ts +0 -6
- package/Web/Helpers.js +0 -59
package/Storage/Helper.js
CHANGED
|
@@ -1,89 +1,70 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.
|
|
27
|
-
const storage = __importStar(require("@pulumi/azure-native/storage"));
|
|
3
|
+
exports.getStorageInfo = void 0;
|
|
28
4
|
const Common_1 = require("../Common");
|
|
29
5
|
const Helper_1 = require("../KeyVault/Helper");
|
|
30
|
-
const
|
|
31
|
-
const getStorageSecrets =
|
|
32
|
-
|
|
33
|
-
const
|
|
34
|
-
const
|
|
35
|
-
const
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
6
|
+
const pulumi_1 = require("@pulumi/pulumi");
|
|
7
|
+
const getStorageSecrets = ({ storageName, vaultInfo, }) => {
|
|
8
|
+
const primaryKey = Common_1.naming.getKeyName(storageName, 'primary');
|
|
9
|
+
const secondaryKey = Common_1.naming.getKeyName(storageName, 'secondary');
|
|
10
|
+
const primaryConnection = Common_1.naming.getConnectionName(storageName, 'primary');
|
|
11
|
+
const secondaryConnection = Common_1.naming.getConnectionName(storageName, 'secondary');
|
|
12
|
+
return (0, Helper_1.getSecrets)({
|
|
13
|
+
nameFormatted: true,
|
|
14
|
+
vaultInfo,
|
|
15
|
+
names: { primaryKey, secondaryKey, primaryConnection, secondaryConnection },
|
|
16
|
+
});
|
|
17
|
+
};
|
|
18
|
+
const getStorageInfo = ({ name, group, vaultInfo, }) => {
|
|
19
|
+
name = Common_1.naming.getStorageName(Common_1.naming.cleanName(name));
|
|
20
|
+
const secrets = vaultInfo
|
|
21
|
+
? getStorageSecrets({ storageName: name, vaultInfo })
|
|
22
|
+
: {};
|
|
46
23
|
return {
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
primaryKey: primaryKey?.value,
|
|
50
|
-
secondaryKey: secondaryKey?.value,
|
|
24
|
+
name,
|
|
25
|
+
group,
|
|
51
26
|
endpoints: {
|
|
52
27
|
blob: `https://${name}.blob.core.windows.net`,
|
|
53
28
|
file: `https://${name}.file.core.windows.net`,
|
|
54
29
|
table: `https://${name}.table.core.windows.net`,
|
|
55
|
-
staticSite: `https://${name}.z23.web.core.windows.net`,
|
|
56
|
-
DataLake: `https://${name}.dfs.core.windows.net`,
|
|
57
30
|
},
|
|
31
|
+
...secrets,
|
|
32
|
+
id: (0, pulumi_1.interpolate) `${Common_1.defaultSubScope}/resourceGroups/${group.resourceGroupName}/providers/Microsoft.Storage/storageAccounts/${name}`,
|
|
58
33
|
};
|
|
59
34
|
};
|
|
60
|
-
exports.
|
|
61
|
-
const getStorageSecretsById = async ({
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
35
|
+
exports.getStorageInfo = getStorageInfo;
|
|
36
|
+
// export const getStorageSecretsById = async ({
|
|
37
|
+
// storageId,
|
|
38
|
+
// vaultInfo,
|
|
39
|
+
// }: {
|
|
40
|
+
// storageId: string;
|
|
41
|
+
// vaultInfo: KeyVaultInfo;
|
|
42
|
+
// }) => {
|
|
43
|
+
// const info = rsInfo.getResourceInfoFromId(storageId);
|
|
44
|
+
// const secrets = info
|
|
45
|
+
// ? await getStorageSecrets({
|
|
46
|
+
// name: info.name,
|
|
47
|
+
// nameFormatted: true,
|
|
48
|
+
// vaultInfo,
|
|
49
|
+
// })
|
|
50
|
+
// : undefined;
|
|
51
|
+
//
|
|
52
|
+
// return secrets ? { info, secrets } : undefined;
|
|
53
|
+
// };
|
|
54
|
+
// export const getAccountSAS = ({ group, name }: BasicResourceArgs) => {
|
|
55
|
+
// const now = new Date();
|
|
56
|
+
// const expireDate = new Date();
|
|
57
|
+
// expireDate.setMonth(expireDate.getMonth() + 3);
|
|
58
|
+
//
|
|
59
|
+
// return storage.listStorageAccountSAS({
|
|
60
|
+
// accountName: name,
|
|
61
|
+
// ...group,
|
|
62
|
+
// resourceTypes: storage.SignedResourceTypes.C,
|
|
63
|
+
// services: storage.Services.B,
|
|
64
|
+
// permissions: storage.Permissions.W,
|
|
65
|
+
// protocols: storage.HttpProtocol.Https,
|
|
66
|
+
// sharedAccessStartTime: now.toISOString(),
|
|
67
|
+
// sharedAccessExpiryTime: expireDate.toISOString(),
|
|
68
|
+
// });
|
|
69
|
+
// };
|
|
70
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL1N0b3JhZ2UvSGVscGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHNDQUFvRDtBQUNwRCwrQ0FBZ0Q7QUFPaEQsMkNBQTZDO0FBRTdDLE1BQU0saUJBQWlCLEdBQUcsQ0FBQyxFQUN6QixXQUFXLEVBQ1gsU0FBUyxHQUlWLEVBQXlCLEVBQUU7SUFDMUIsTUFBTSxVQUFVLEdBQUcsZUFBTSxDQUFDLFVBQVUsQ0FBQyxXQUFXLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFDN0QsTUFBTSxZQUFZLEdBQUcsZUFBTSxDQUFDLFVBQVUsQ0FBQyxXQUFXLEVBQUUsV0FBVyxDQUFDLENBQUM7SUFDakUsTUFBTSxpQkFBaUIsR0FBRyxlQUFNLENBQUMsaUJBQWlCLENBQUMsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQzNFLE1BQU0sbUJBQW1CLEdBQUcsZUFBTSxDQUFDLGlCQUFpQixDQUNsRCxXQUFXLEVBQ1gsV0FBVyxDQUNaLENBQUM7SUFFRixPQUFPLElBQUEsbUJBQVUsRUFBQztRQUNoQixhQUFhLEVBQUUsSUFBSTtRQUNuQixTQUFTO1FBQ1QsS0FBSyxFQUFFLEVBQUUsVUFBVSxFQUFFLFlBQVksRUFBRSxpQkFBaUIsRUFBRSxtQkFBbUIsRUFBRTtLQUM1RSxDQUFDLENBQUM7QUFDTCxDQUFDLENBQUM7QUFFSyxNQUFNLGNBQWMsR0FBRyxDQUFDLEVBQzdCLElBQUksRUFDSixLQUFLLEVBQ0wsU0FBUyxHQUNhLEVBQWUsRUFBRTtJQUN2QyxJQUFJLEdBQUcsZUFBTSxDQUFDLGNBQWMsQ0FBQyxlQUFNLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7SUFDckQsTUFBTSxPQUFPLEdBQUcsU0FBUztRQUN2QixDQUFDLENBQUMsaUJBQWlCLENBQUMsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxDQUFDO1FBQ3JELENBQUMsQ0FBQyxFQUFFLENBQUM7SUFFUCxPQUFPO1FBQ0wsSUFBSTtRQUNKLEtBQUs7UUFDTCxTQUFTLEVBQUU7WUFDVCxJQUFJLEVBQUUsV0FBVyxJQUFJLHdCQUF3QjtZQUM3QyxJQUFJLEVBQUUsV0FBVyxJQUFJLHdCQUF3QjtZQUM3QyxLQUFLLEVBQUUsV0FBVyxJQUFJLHlCQUF5QjtTQUNoRDtRQUNELEdBQUcsT0FBTztRQUNWLEVBQUUsRUFBRSxJQUFBLG9CQUFXLEVBQUEsR0FBRyx3QkFBZSxtQkFBbUIsS0FBSyxDQUFDLGlCQUFpQixnREFBZ0QsSUFBSSxFQUFFO0tBQ2xJLENBQUM7QUFDSixDQUFDLENBQUM7QUFyQlcsUUFBQSxjQUFjLGtCQXFCekI7QUFFRixnREFBZ0Q7QUFDaEQsZUFBZTtBQUNmLGVBQWU7QUFDZixPQUFPO0FBQ1AsdUJBQXVCO0FBQ3ZCLDZCQUE2QjtBQUM3QixVQUFVO0FBQ1YsMERBQTBEO0FBQzFELHlCQUF5QjtBQUN6QixrQ0FBa0M7QUFDbEMsMkJBQTJCO0FBQzNCLCtCQUErQjtBQUMvQixxQkFBcUI7QUFDckIsV0FBVztBQUNYLG1CQUFtQjtBQUNuQixFQUFFO0FBQ0Ysb0RBQW9EO0FBQ3BELEtBQUs7QUFFTCx5RUFBeUU7QUFDekUsNEJBQTRCO0FBQzVCLG1DQUFtQztBQUNuQyxvREFBb0Q7QUFDcEQsRUFBRTtBQUNGLDJDQUEyQztBQUMzQyx5QkFBeUI7QUFDekIsZ0JBQWdCO0FBQ2hCLG9EQUFvRDtBQUNwRCxvQ0FBb0M7QUFDcEMsMENBQTBDO0FBQzFDLDZDQUE2QztBQUM3QyxnREFBZ0Q7QUFDaEQsd0RBQXdEO0FBQ3hELFFBQVE7QUFDUixLQUFLIn0=
|
package/Storage/index.d.ts
CHANGED
|
@@ -47,5 +47,5 @@ export type StorageResults = ResourceInfo & {
|
|
|
47
47
|
getConnectionString?: (name?: string) => Promise<KeyVaultSecret | undefined>;
|
|
48
48
|
};
|
|
49
49
|
/** Storage Creator */
|
|
50
|
-
declare
|
|
51
|
-
export default
|
|
50
|
+
declare function Storage({ name, group, vaultInfo, enableEncryption, envRoles, containers, queues, fileShares, network, features, policies, lock, dependsOn, ignoreChanges, }: StorageProps): StorageResults;
|
|
51
|
+
export default Storage;
|
package/Storage/index.js
CHANGED
|
@@ -31,11 +31,11 @@ const Helper_1 = require("../KeyVault/Helper");
|
|
|
31
31
|
const Common_1 = require("../Common");
|
|
32
32
|
const Common_2 = require("../Common");
|
|
33
33
|
const CustomHelper_1 = require("../KeyVault/CustomHelper");
|
|
34
|
-
const Locker_1 =
|
|
34
|
+
const Locker_1 = require("../Core/Locker");
|
|
35
35
|
const PrivateEndpoint_1 = __importDefault(require("../VNet/PrivateEndpoint"));
|
|
36
36
|
const ManagementRules_1 = require("./ManagementRules");
|
|
37
37
|
/** Storage Creator */
|
|
38
|
-
|
|
38
|
+
function Storage({ name, group, vaultInfo, enableEncryption, envRoles, containers = [], queues = [], fileShares = [], network, features = {}, policies = { keyExpirationPeriodInDays: 365 }, lock = true, dependsOn, ignoreChanges, }) {
|
|
39
39
|
name = (0, Common_2.getStorageName)(name);
|
|
40
40
|
const primaryKeyName = (0, Common_2.getKeyName)(name, 'primary');
|
|
41
41
|
const secondaryKeyName = (0, Common_2.getKeyName)(name, 'secondary');
|
|
@@ -110,7 +110,7 @@ exports.default = ({ name, group, vaultInfo, enableEncryption, envRoles, contain
|
|
|
110
110
|
}))
|
|
111
111
|
: undefined,
|
|
112
112
|
},
|
|
113
|
-
});
|
|
113
|
+
}, { dependsOn, ignoreChanges });
|
|
114
114
|
if (network?.privateEndpoint) {
|
|
115
115
|
//Create Private Endpoints
|
|
116
116
|
(0, PrivateEndpoint_1.default)({
|
|
@@ -131,7 +131,7 @@ exports.default = ({ name, group, vaultInfo, enableEncryption, envRoles, contain
|
|
|
131
131
|
}
|
|
132
132
|
//Lock the resources
|
|
133
133
|
if (lock) {
|
|
134
|
-
(0, Locker_1.
|
|
134
|
+
(0, Locker_1.Locker)({ name, resource: stg });
|
|
135
135
|
}
|
|
136
136
|
//Enable Static Website for SPA
|
|
137
137
|
if (features.enableStaticWebsite) {
|
|
@@ -230,5 +230,6 @@ exports.default = ({ name, group, vaultInfo, enableEncryption, envRoles, contain
|
|
|
230
230
|
? (name = primaryConnectionKeyName) => (0, Helper_1.getSecret)({ name, nameFormatted: true, vaultInfo })
|
|
231
231
|
: undefined,
|
|
232
232
|
};
|
|
233
|
-
}
|
|
234
|
-
|
|
233
|
+
}
|
|
234
|
+
exports.default = Storage;
|
|
235
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvU3RvcmFnZS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQ0Esc0VBQXdEO0FBT3hELCtDQUE4RDtBQUM5RCxzQ0FBa0M7QUFDbEMsc0NBQTBFO0FBQzFFLDJEQUE0RDtBQUM1RCwyQ0FBd0M7QUFDeEMsOEVBQXNEO0FBQ3RELHVEQUkyQjtBQTRDM0Isc0JBQXNCO0FBQ3RCLFNBQVMsT0FBTyxDQUFDLEVBQ2YsSUFBSSxFQUNKLEtBQUssRUFDTCxTQUFTLEVBQ1QsZ0JBQWdCLEVBQ2hCLFFBQVEsRUFDUixVQUFVLEdBQUcsRUFBRSxFQUNmLE1BQU0sR0FBRyxFQUFFLEVBQ1gsVUFBVSxHQUFHLEVBQUUsRUFDZixPQUFPLEVBQ1AsUUFBUSxHQUFHLEVBQUUsRUFDYixRQUFRLEdBQUcsRUFBRSx5QkFBeUIsRUFBRSxHQUFHLEVBQUUsRUFDN0MsSUFBSSxHQUFHLElBQUksRUFDWCxTQUFTLEVBQ1QsYUFBYSxHQUNBO0lBQ2IsSUFBSSxHQUFHLElBQUEsdUJBQWMsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUU1QixNQUFNLGNBQWMsR0FBRyxJQUFBLG1CQUFVLEVBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ25ELE1BQU0sZ0JBQWdCLEdBQUcsSUFBQSxtQkFBVSxFQUFDLElBQUksRUFBRSxXQUFXLENBQUMsQ0FBQztJQUN2RCxNQUFNLHdCQUF3QixHQUFHLElBQUEsMEJBQWlCLEVBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3BFLE1BQU0sdUJBQXVCLEdBQUcsSUFBQSwwQkFBaUIsRUFBQyxJQUFJLEVBQUUsV0FBVyxDQUFDLENBQUM7SUFDckUsTUFBTSxhQUFhLEdBQUcsZ0JBQWdCO1FBQ3BDLENBQUMsQ0FBQyxJQUFBLHNCQUFhLEVBQUMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLFNBQVUsRUFBRSxDQUFDO1FBQ2hELENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFZCxxSUFBcUk7SUFDckksTUFBTSxHQUFHLEdBQUcsSUFBSSxPQUFPLENBQUMsY0FBYyxDQUNwQyxJQUFJLEVBQ0o7UUFDRSxXQUFXLEVBQUUsSUFBSTtRQUNqQixHQUFHLEtBQUs7UUFFUixJQUFJLEVBQUUsT0FBTyxDQUFDLElBQUksQ0FBQyxTQUFTO1FBQzVCLEdBQUcsRUFBRTtZQUNILElBQUksRUFBRSxjQUFLO2dCQUNULENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyx1QkFBdUI7Z0JBQ3RELENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVk7U0FDakM7UUFDRCxVQUFVLEVBQUUsS0FBSztRQUVqQixZQUFZLEVBQUUsSUFBSTtRQUNsQixzQkFBc0IsRUFBRSxJQUFJO1FBQzVCLHFCQUFxQixFQUFFLE9BQU8sQ0FBQyxRQUFRLEVBQUUscUJBQXFCLENBQUM7UUFDL0Qsb0JBQW9CLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQztRQUM1RCxnQkFBZ0IsRUFBRSxPQUFPLEVBQUUsZUFBZSxDQUFDLENBQUMsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLEtBQUs7UUFDbEUsNEJBQTRCLEVBQUUsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLG9CQUFvQixDQUFDO1FBQ3JFLGFBQWEsRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQztRQUU5QywyQkFBMkIsRUFBRSxPQUFPLENBQ2xDLFFBQVEsQ0FBQywyQkFBMkIsQ0FDckM7UUFDRCxRQUFRLEVBQUUsRUFBRSxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7UUFDcEMsaUJBQWlCLEVBQUUsUUFBUTtRQUUzQixlQUFlO1FBQ2YsU0FBUyxFQUFFO1lBQ1QseUJBQXlCLEVBQUUsUUFBUSxDQUFDLHlCQUF5QixJQUFJLEdBQUc7U0FDckU7UUFFRCxVQUFVLEVBQUUsYUFBYTtZQUN2QixDQUFDLENBQUM7Z0JBQ0UsUUFBUSxFQUFFO29CQUNSLElBQUksRUFBRTt3QkFDSixPQUFPLEVBQUUsSUFBSTt3QkFDYixPQUFPLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxPQUFPO3FCQUNqQztvQkFDRCxJQUFJLEVBQUU7d0JBQ0osT0FBTyxFQUFFLElBQUk7d0JBQ2IsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsT0FBTztxQkFDakM7aUJBQ0Y7Z0JBQ0QsU0FBUyxFQUFFLG9CQUFvQjtnQkFDL0Isa0JBQWtCLEVBQUUsYUFBYTthQUNsQztZQUNILENBQUMsQ0FBQyxTQUFTO1FBRWIsU0FBUyxFQUFFO1lBQ1QsZ0JBQWdCLEVBQUUsT0FBTyxDQUFDLGdCQUFnQixDQUFDLEdBQUc7WUFDOUMsbUJBQW1CLEVBQUUsYUFBYTtTQUNuQztRQUVELG1CQUFtQixFQUFFLE9BQU8sRUFBRSxlQUFlLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsU0FBUztRQUN0RSxjQUFjLEVBQUU7WUFDZCxNQUFNLEVBQUUsT0FBTyxFQUFFLGFBQWEsSUFBSSxlQUFlLEVBQUUsd0NBQXdDO1lBQzNGLGFBQWEsRUFBRSxPQUFPO1lBRXRCLG1CQUFtQixFQUFFLE9BQU8sRUFBRSxJQUFJO2dCQUNoQyxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUk7cUJBQ1QsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDO3FCQUN6QixHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQ1gsd0JBQXdCLEVBQUUsQ0FBQyxDQUFDLFFBQVM7aUJBQ3RDLENBQUMsQ0FBQztnQkFDUCxDQUFDLENBQUMsU0FBUztZQUViLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSTtnQkFDcEIsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJO3FCQUNULE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQztxQkFDNUIsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsV0FBVyxDQUFDO3FCQUM3QixHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQ1gsZ0JBQWdCLEVBQUUsQ0FBRTtvQkFDcEIsTUFBTSxFQUFFLE9BQU87aUJBQ2hCLENBQUMsQ0FBQztnQkFDUCxDQUFDLENBQUMsU0FBUztTQUNkO0tBQ0YsRUFDRCxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsQ0FDN0IsQ0FBQztJQUVGLElBQUksT0FBTyxFQUFFLGVBQWUsRUFBRSxDQUFDO1FBQzdCLDBCQUEwQjtRQUMxQixJQUFBLHlCQUFlLEVBQUM7WUFDZCxHQUFHLE9BQU8sQ0FBQyxlQUFlO1lBQzFCLFlBQVksRUFBRSxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLEdBQUcsQ0FBQyxFQUFFLEVBQUU7WUFDekMsa0JBQWtCLEVBQUUsZUFBZSxPQUFPLENBQUMsZUFBZSxDQUFDLElBQUksbUJBQW1CO1lBQ2xGLG1CQUFtQixFQUFFLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUM7U0FDcEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUNELHVCQUF1QjtJQUN2QixJQUFJLFFBQVEsRUFBRSxzQkFBc0IsRUFBRSxDQUFDO1FBQ3JDLElBQUEsdUNBQXFCLEVBQUM7WUFDcEIsSUFBSTtZQUNKLEtBQUs7WUFDTCxjQUFjLEVBQUUsR0FBRztZQUNuQixLQUFLLEVBQUUsUUFBUSxDQUFDLHNCQUFzQjtTQUN2QyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsb0JBQW9CO0lBQ3BCLElBQUksSUFBSSxFQUFFLENBQUM7UUFDVCxJQUFBLGVBQU0sRUFBQyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQsK0JBQStCO0lBQy9CLElBQUksUUFBUSxDQUFDLG1CQUFtQixFQUFFLENBQUM7UUFDakMsSUFBSSxPQUFPLENBQUMsMkJBQTJCLENBQ3JDLElBQUksRUFDSjtZQUNFLFdBQVcsRUFBRSxHQUFHLENBQUMsSUFBSTtZQUNyQixHQUFHLEtBQUs7WUFDUixhQUFhLEVBQUUsWUFBWTtZQUMzQixnQkFBZ0IsRUFBRSxZQUFZO1NBQy9CLEVBQ0QsRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLENBQ25CLENBQUM7SUFDSixDQUFDO0lBRUQsbUJBQW1CO0lBQ25CLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtRQUNuQixNQUFNLFNBQVMsR0FBRyxJQUFJLE9BQU8sQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRTtZQUNsRCxhQUFhLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUU7WUFDbkMsR0FBRyxLQUFLO1lBQ1IsV0FBVyxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ3JCLG9DQUFvQztZQUNwQyxZQUFZLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxNQUFNO1NBQ3pDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3RCLElBQUEsdUNBQXFCLEVBQUM7Z0JBQ3BCLElBQUksRUFBRSxHQUFHLElBQUksSUFBSSxDQUFDLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxFQUFFO2dCQUN2QyxjQUFjLEVBQUUsR0FBRztnQkFDbkIsS0FBSztnQkFDTCxjQUFjLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDO2dCQUNoQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLGVBQWU7YUFDekIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUNELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUMsQ0FBQyxDQUFDO0lBRUgsZUFBZTtJQUNmLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtRQUNmLElBQUksT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUU7WUFDbkIsU0FBUyxFQUFFLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDMUIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ3JCLEdBQUcsS0FBSztTQUNULENBQUMsQ0FBQztJQUNMLENBQUMsQ0FBQyxDQUFDO0lBRUgsWUFBWTtJQUNaLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtRQUNuQixJQUFJLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFO1lBQ3ZCLFNBQVMsRUFBRSxDQUFDLENBQUMsV0FBVyxFQUFFO1lBQzFCLFdBQVcsRUFBRSxHQUFHLENBQUMsSUFBSTtZQUNyQixHQUFHLEtBQUs7U0FDVCxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztJQUVILFlBQVk7SUFDWixHQUFHLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEVBQUU7UUFDeEIsSUFBSSxDQUFDLEVBQUU7WUFBRSxPQUFPO1FBRWhCLDBCQUEwQjtRQUMxQixJQUFJLFFBQVE7WUFDVixRQUFRLENBQUMsU0FBUyxDQUNoQixVQUFVLEVBQ1YsR0FBRyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUUsQ0FBQyxXQUFXLENBQUMsQ0FDMUMsQ0FBQztRQUVKLCtCQUErQjtRQUMvQixJQUFJLFNBQVMsSUFBSSxRQUFRLEVBQUUsb0JBQW9CLEVBQUUsQ0FBQztZQUNoRCxNQUFNLElBQUksR0FBRyxDQUNYLE1BQU0sT0FBTyxDQUFDLHNCQUFzQixDQUFDO2dCQUNuQyxXQUFXLEVBQUUsSUFBSTtnQkFDakIsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjthQUMzQyxDQUFDLENBQ0gsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUNqQixJQUFJLEVBQUUsQ0FBQyxDQUFDLE9BQU87Z0JBQ2YsR0FBRyxFQUFFLENBQUMsQ0FBQyxLQUFLO2dCQUNaLGdCQUFnQixFQUFFLDhDQUE4QyxJQUFJLGVBQWUsQ0FBQyxDQUFDLEtBQUssa0NBQWtDO2FBQzdILENBQUMsQ0FBQyxDQUFDO1lBRUosTUFBTTtZQUNOLElBQUEsK0JBQWdCLEVBQUM7Z0JBQ2YsU0FBUztnQkFDVCxXQUFXLEVBQUUsU0FBUztnQkFDdEIsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLEtBQUssRUFBRTtvQkFDTDt3QkFDRSxJQUFJLEVBQUUsY0FBYzt3QkFDcEIsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHO3FCQUNuQjtvQkFDRDt3QkFDRSxJQUFJLEVBQUUsZ0JBQWdCO3dCQUN0QixLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUc7cUJBQ25CO29CQUNEO3dCQUNFLElBQUksRUFBRSx3QkFBd0I7d0JBQzlCLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsZ0JBQWdCO3FCQUNoQztvQkFDRDt3QkFDRSxJQUFJLEVBQUUsdUJBQXVCO3dCQUM3QixLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLGdCQUFnQjtxQkFDaEM7aUJBQ0Y7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQyxDQUFDLENBQUM7SUFFSCxPQUFPO1FBQ0wsSUFBSTtRQUNKLEtBQUs7UUFDTCxFQUFFLEVBQUUsR0FBRyxDQUFDLEVBQUU7UUFDVixRQUFRLEVBQUUsR0FBRztRQUNiLG1CQUFtQixFQUFFLFNBQVM7WUFDNUIsQ0FBQyxDQUFDLENBQUMsT0FBZSx3QkFBd0IsRUFBRSxFQUFFLENBQzFDLElBQUEsa0JBQVMsRUFBQyxFQUFFLElBQUksRUFBRSxhQUFhLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxDQUFDO1lBQ3ZELENBQUMsQ0FBQyxTQUFTO0tBQ2QsQ0FBQztBQUNKLENBQUM7QUFFRCxrQkFBZSxPQUFPLENBQUMifQ==
|
|
@@ -1,8 +1,6 @@
|
|
|
1
|
-
import
|
|
2
|
-
import { BasicResourceWithVaultArgs,
|
|
3
|
-
interface DiskEncryptionProps extends BasicResourceWithVaultArgs {
|
|
4
|
-
vaultInfo: KeyVaultInfo;
|
|
5
|
-
userAssignedId: Input<string>;
|
|
1
|
+
import * as compute from '@pulumi/azure-native/compute';
|
|
2
|
+
import { BasicResourceWithVaultArgs, ResourceInfoWithInstance, WithEnvRoles } from '../types';
|
|
3
|
+
interface DiskEncryptionProps extends BasicResourceWithVaultArgs, WithEnvRoles {
|
|
6
4
|
}
|
|
7
|
-
declare const _default: ({ name, group, vaultInfo,
|
|
5
|
+
declare const _default: ({ name, group, vaultInfo, envUIDInfo, envRoles, dependsOn, ignoreChanges, importUri, }: DiskEncryptionProps) => ResourceInfoWithInstance<compute.DiskEncryptionSet>;
|
|
8
6
|
export default _default;
|
package/VM/DiskEncryptionSet.js
CHANGED
|
@@ -26,18 +26,30 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
26
26
|
const compute = __importStar(require("@pulumi/azure-native/compute"));
|
|
27
27
|
const Common_1 = require("../Common");
|
|
28
28
|
const Helper_1 = require("../KeyVault/Helper");
|
|
29
|
-
exports.default = ({ name, group, vaultInfo,
|
|
29
|
+
exports.default = ({ name, group, vaultInfo, envUIDInfo, envRoles, dependsOn, ignoreChanges = [], importUri, }) => {
|
|
30
|
+
if (!envUIDInfo || !vaultInfo)
|
|
31
|
+
throw new Error('The "vaultInfo" and "envUIDInfo" are required for DiskEncryptionSet.');
|
|
30
32
|
name = (0, Common_1.getDiskEncryptionName)(name);
|
|
31
33
|
const keyEncryption = (0, Helper_1.addEncryptKey)({ name, vaultInfo });
|
|
32
|
-
|
|
34
|
+
const diskEncrypt = new compute.DiskEncryptionSet(name, {
|
|
33
35
|
...group,
|
|
36
|
+
diskEncryptionSetName: name,
|
|
34
37
|
rotationToLatestKeyVersionEnabled: true,
|
|
35
38
|
encryptionType: 'EncryptionAtRestWithCustomerKey',
|
|
36
39
|
identity: {
|
|
37
|
-
type: compute.ResourceIdentityType.
|
|
38
|
-
userAssignedIdentities: [
|
|
40
|
+
type: compute.ResourceIdentityType.SystemAssigned_UserAssigned,
|
|
41
|
+
userAssignedIdentities: [envUIDInfo.id],
|
|
39
42
|
},
|
|
40
43
|
activeKey: { keyUrl: keyEncryption.url },
|
|
41
|
-
}, {
|
|
44
|
+
}, {
|
|
45
|
+
dependsOn,
|
|
46
|
+
ignoreChanges: [...ignoreChanges, 'diskEncryptionSetName'],
|
|
47
|
+
import: importUri,
|
|
48
|
+
});
|
|
49
|
+
diskEncrypt.identity.apply((i) => {
|
|
50
|
+
if (i)
|
|
51
|
+
envRoles?.addMember('readOnly', i.principalId);
|
|
52
|
+
});
|
|
53
|
+
return { name, group, id: diskEncrypt.id, instance: diskEncrypt };
|
|
42
54
|
};
|
|
43
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
55
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRGlza0VuY3J5cHRpb25TZXQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvVk0vRGlza0VuY3J5cHRpb25TZXQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNFQUF3RDtBQUN4RCxzQ0FBa0Q7QUFDbEQsK0NBQW1EO0FBV25ELGtCQUFlLENBQUMsRUFDZCxJQUFJLEVBQ0osS0FBSyxFQUNMLFNBQVMsRUFDVCxVQUFVLEVBQ1YsUUFBUSxFQUNSLFNBQVMsRUFDVCxhQUFhLEdBQUcsRUFBRSxFQUNsQixTQUFTLEdBQ1csRUFBdUQsRUFBRTtJQUM3RSxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsU0FBUztRQUMzQixNQUFNLElBQUksS0FBSyxDQUNiLHVFQUF1RSxDQUN4RSxDQUFDO0lBRUosSUFBSSxHQUFHLElBQUEsOEJBQXFCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFDbkMsTUFBTSxhQUFhLEdBQUcsSUFBQSxzQkFBYSxFQUFDLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDekQsTUFBTSxXQUFXLEdBQUcsSUFBSSxPQUFPLENBQUMsaUJBQWlCLENBQy9DLElBQUksRUFDSjtRQUNFLEdBQUcsS0FBSztRQUNSLHFCQUFxQixFQUFFLElBQUk7UUFDM0IsaUNBQWlDLEVBQUUsSUFBSTtRQUN2QyxjQUFjLEVBQUUsaUNBQWlDO1FBQ2pELFFBQVEsRUFBRTtZQUNSLElBQUksRUFBRSxPQUFPLENBQUMsb0JBQW9CLENBQUMsMkJBQTJCO1lBQzlELHNCQUFzQixFQUFFLENBQUMsVUFBVyxDQUFDLEVBQUUsQ0FBQztTQUN6QztRQUNELFNBQVMsRUFBRSxFQUFFLE1BQU0sRUFBRSxhQUFhLENBQUMsR0FBRyxFQUFFO0tBQ3pDLEVBQ0Q7UUFDRSxTQUFTO1FBQ1QsYUFBYSxFQUFFLENBQUMsR0FBRyxhQUFhLEVBQUUsdUJBQXVCLENBQUM7UUFDMUQsTUFBTSxFQUFFLFNBQVM7S0FDbEIsQ0FDRixDQUFDO0lBRUYsV0FBVyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtRQUMvQixJQUFJLENBQUM7WUFBRSxRQUFRLEVBQUUsU0FBUyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDeEQsQ0FBQyxDQUFDLENBQUM7SUFFSCxPQUFPLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUUsV0FBVyxDQUFDLEVBQUUsRUFBRSxRQUFRLEVBQUUsV0FBVyxFQUFFLENBQUM7QUFDcEUsQ0FBQyxDQUFDIn0=
|
package/VM/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Input } from '@pulumi/pulumi';
|
|
2
2
|
import * as compute from '@pulumi/azure-native/compute';
|
|
3
|
-
import { BasicEncryptResourceArgs, LoginArgs } from '../types';
|
|
3
|
+
import { BasicEncryptResourceArgs, LoginArgs, WithDiskEncryption } from '../types';
|
|
4
4
|
import { VmExtensionProps } from './Extension';
|
|
5
5
|
export type VmScheduleType = {
|
|
6
6
|
/** The time zone ID: https://stackoverflow.com/questions/7908343/list-of-timezone-ids-for-use-with-findtimezonebyid-in-c */
|
|
@@ -8,7 +8,7 @@ export type VmScheduleType = {
|
|
|
8
8
|
/** The format is ISO 8601 Standard ex: 2200 */
|
|
9
9
|
autoShutdownTime?: Input<string>;
|
|
10
10
|
};
|
|
11
|
-
interface Props extends BasicEncryptResourceArgs {
|
|
11
|
+
interface Props extends BasicEncryptResourceArgs, WithDiskEncryption {
|
|
12
12
|
subnetId: Input<string>;
|
|
13
13
|
storageAccountType?: compute.StorageAccountTypes;
|
|
14
14
|
vmSize?: Input<string>;
|
|
@@ -28,5 +28,5 @@ interface Props extends BasicEncryptResourceArgs {
|
|
|
28
28
|
[key: string]: Input<string>;
|
|
29
29
|
};
|
|
30
30
|
}
|
|
31
|
-
declare const _default: ({ name, group, subnetId, osType, vmSize, extensions, storageAccountType, osDiskSizeGB, dataDiskSizeGB, enableEncryption, vaultInfo,
|
|
31
|
+
declare const _default: ({ name, group, subnetId, osType, vmSize, extensions, storageAccountType, osDiskSizeGB, dataDiskSizeGB, enableEncryption, diskEncryptionSetId, vaultInfo, envUIDInfo, schedule, login, image, lock, tags, dependsOn, ...others }: Props) => import("@pulumi/azure-native/compute/virtualMachine").VirtualMachine;
|
|
32
32
|
export default _default;
|
package/VM/index.js
CHANGED
|
@@ -29,13 +29,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
29
29
|
const compute = __importStar(require("@pulumi/azure-native/compute"));
|
|
30
30
|
const network = __importStar(require("@pulumi/azure-native/network"));
|
|
31
31
|
const Common_1 = require("../Common");
|
|
32
|
-
const Locker_1 =
|
|
32
|
+
const Locker_1 = require("../Core/Locker");
|
|
33
33
|
const Random_1 = require("../Core/Random");
|
|
34
34
|
const CustomHelper_1 = require("../KeyVault/CustomHelper");
|
|
35
35
|
const Helper_1 = require("../KeyVault/Helper");
|
|
36
36
|
const GlobalSchedule_1 = __importDefault(require("./GlobalSchedule"));
|
|
37
37
|
const Extension_1 = __importDefault(require("./Extension"));
|
|
38
|
-
exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standard_B2s', extensions, storageAccountType = compute.StorageAccountTypes.Premium_LRS, osDiskSizeGB = 128, dataDiskSizeGB, enableEncryption,
|
|
38
|
+
exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standard_B2s', extensions, storageAccountType = compute.StorageAccountTypes.Premium_LRS, osDiskSizeGB = 128, dataDiskSizeGB, enableEncryption, diskEncryptionSetId,
|
|
39
|
+
//encryptionAtHost,
|
|
40
|
+
vaultInfo, envUIDInfo, schedule = { timeZone: 'Singapore Standard Time' }, login, image, lock = true, tags = {}, dependsOn, ...others }) => {
|
|
39
41
|
const vmName = (0, Common_1.getVMName)(name);
|
|
40
42
|
const nicName = (0, Common_1.getNICName)(name);
|
|
41
43
|
const nic = new network.NetworkInterface(nicName, {
|
|
@@ -46,11 +48,11 @@ exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standa
|
|
|
46
48
|
],
|
|
47
49
|
nicType: network.NetworkInterfaceNicType.Standard,
|
|
48
50
|
});
|
|
49
|
-
//All VM will
|
|
50
|
-
const keyEncryption = enableEncryption
|
|
51
|
+
//All VM will use the same Key
|
|
52
|
+
const keyEncryption = enableEncryption && vaultInfo && !diskEncryptionSetId
|
|
51
53
|
? (0, Helper_1.addEncryptKey)({ name: vmName, vaultInfo: vaultInfo })
|
|
52
54
|
: undefined;
|
|
53
|
-
const diskEncryption = enableEncryption
|
|
55
|
+
const diskEncryption = enableEncryption && vaultInfo && !diskEncryptionSetId
|
|
54
56
|
? (0, CustomHelper_1.addCustomSecret)({
|
|
55
57
|
name: `${vmName}-disk-secret`,
|
|
56
58
|
vaultInfo: vaultInfo,
|
|
@@ -64,11 +66,18 @@ exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standa
|
|
|
64
66
|
...group,
|
|
65
67
|
...others,
|
|
66
68
|
hardwareProfile: { vmSize },
|
|
67
|
-
identity: {
|
|
69
|
+
identity: {
|
|
70
|
+
type: envUIDInfo
|
|
71
|
+
? compute.ResourceIdentityType.SystemAssigned_UserAssigned
|
|
72
|
+
: compute.ResourceIdentityType.SystemAssigned,
|
|
73
|
+
userAssignedIdentities: envUIDInfo ? [envUIDInfo.id] : undefined,
|
|
74
|
+
},
|
|
68
75
|
licenseType: 'None',
|
|
69
76
|
networkProfile: {
|
|
70
77
|
networkInterfaces: [{ id: nic.id, primary: true }],
|
|
71
78
|
},
|
|
79
|
+
//az feature register --name EncryptionAtHost --namespace Microsoft.Compute
|
|
80
|
+
securityProfile: { encryptionAtHost: true },
|
|
72
81
|
osProfile: {
|
|
73
82
|
computerName: name,
|
|
74
83
|
adminUsername: login.adminLogin,
|
|
@@ -116,7 +125,7 @@ exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standa
|
|
|
116
125
|
caching: 'ReadWrite',
|
|
117
126
|
createOption: 'FromImage',
|
|
118
127
|
osType,
|
|
119
|
-
encryptionSettings:
|
|
128
|
+
encryptionSettings: diskEncryption && keyEncryption
|
|
120
129
|
? {
|
|
121
130
|
diskEncryptionKey: diskEncryption
|
|
122
131
|
? {
|
|
@@ -138,7 +147,11 @@ exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standa
|
|
|
138
147
|
}
|
|
139
148
|
: undefined,
|
|
140
149
|
managedDisk: {
|
|
141
|
-
|
|
150
|
+
diskEncryptionSet: diskEncryptionSetId
|
|
151
|
+
? {
|
|
152
|
+
id: diskEncryptionSetId,
|
|
153
|
+
}
|
|
154
|
+
: undefined,
|
|
142
155
|
storageAccountType,
|
|
143
156
|
},
|
|
144
157
|
},
|
|
@@ -149,6 +162,14 @@ exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standa
|
|
|
149
162
|
diskSizeGB: dataDiskSizeGB,
|
|
150
163
|
createOption: compute.DiskCreateOptionTypes.Empty,
|
|
151
164
|
lun: 1,
|
|
165
|
+
managedDisk: {
|
|
166
|
+
diskEncryptionSet: diskEncryptionSetId
|
|
167
|
+
? {
|
|
168
|
+
id: diskEncryptionSetId,
|
|
169
|
+
}
|
|
170
|
+
: undefined,
|
|
171
|
+
storageAccountType,
|
|
172
|
+
},
|
|
152
173
|
},
|
|
153
174
|
]
|
|
154
175
|
: [],
|
|
@@ -178,12 +199,15 @@ exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standa
|
|
|
178
199
|
}));
|
|
179
200
|
}
|
|
180
201
|
if (lock) {
|
|
181
|
-
(0, Locker_1.
|
|
202
|
+
(0, Locker_1.Locker)({ name: vmName, resource: vm });
|
|
182
203
|
}
|
|
183
204
|
//Add Identity to readonly to be able to read key from vault
|
|
184
|
-
if (envRoles) {
|
|
185
|
-
|
|
186
|
-
|
|
205
|
+
// if (envRoles) {
|
|
206
|
+
// envRoles.addMember(
|
|
207
|
+
// 'readOnly',
|
|
208
|
+
// vm.identity.apply((i) => i!.principalId),
|
|
209
|
+
// );
|
|
210
|
+
// }
|
|
187
211
|
//Auto shutdown
|
|
188
212
|
if (schedule?.autoShutdownTime) {
|
|
189
213
|
(0, GlobalSchedule_1.default)({
|
|
@@ -210,4 +234,4 @@ exports.default = ({ name, group, subnetId, osType = 'Windows', vmSize = 'Standa
|
|
|
210
234
|
// }
|
|
211
235
|
return vm;
|
|
212
236
|
};
|
|
213
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
237
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvVk0vaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUNBLHNFQUF3RDtBQUN4RCxzRUFBd0Q7QUFDeEQsc0NBQWtEO0FBQ2xELDJDQUF3QztBQUN4QywyQ0FBZ0Q7QUFDaEQsMkRBQTJEO0FBQzNELCtDQUFtRDtBQU1uRCxzRUFBOEM7QUFDOUMsNERBQTBEO0FBc0MxRCxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxFQUNKLEtBQUssRUFDTCxRQUFRLEVBQ1IsTUFBTSxHQUFHLFNBQVMsRUFDbEIsTUFBTSxHQUFHLGNBQWMsRUFDdkIsVUFBVSxFQUNWLGtCQUFrQixHQUFHLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxXQUFXLEVBQzVELFlBQVksR0FBRyxHQUFHLEVBQ2xCLGNBQWMsRUFDZCxnQkFBZ0IsRUFDaEIsbUJBQW1CO0FBQ25CLG1CQUFtQjtBQUNuQixTQUFTLEVBQ1QsVUFBVSxFQUNWLFFBQVEsR0FBRyxFQUFFLFFBQVEsRUFBRSx5QkFBeUIsRUFBRSxFQUNsRCxLQUFLLEVBQ0wsS0FBSyxFQUNMLElBQUksR0FBRyxJQUFJLEVBQ1gsSUFBSSxHQUFHLEVBQUUsRUFDVCxTQUFTLEVBQ1QsR0FBRyxNQUFNLEVBQ0gsRUFBRSxFQUFFO0lBQ1YsTUFBTSxNQUFNLEdBQUcsSUFBQSxrQkFBUyxFQUFDLElBQUksQ0FBQyxDQUFDO0lBQy9CLE1BQU0sT0FBTyxHQUFHLElBQUEsbUJBQVUsRUFBQyxJQUFJLENBQUMsQ0FBQztJQUVqQyxNQUFNLEdBQUcsR0FBRyxJQUFJLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUU7UUFDaEQsb0JBQW9CLEVBQUUsT0FBTztRQUM3QixHQUFHLEtBQUs7UUFDUixnQkFBZ0IsRUFBRTtZQUNoQixFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsTUFBTSxFQUFFLEVBQUUsRUFBRSxFQUFFLFFBQVEsRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUU7U0FDOUQ7UUFDRCxPQUFPLEVBQUUsT0FBTyxDQUFDLHVCQUF1QixDQUFDLFFBQVE7S0FDbEQsQ0FBQyxDQUFDO0lBRUgsOEJBQThCO0lBQzlCLE1BQU0sYUFBYSxHQUNqQixnQkFBZ0IsSUFBSSxTQUFTLElBQUksQ0FBQyxtQkFBbUI7UUFDbkQsQ0FBQyxDQUFDLElBQUEsc0JBQWEsRUFBQyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLFNBQVUsRUFBRSxDQUFDO1FBQ3hELENBQUMsQ0FBQyxTQUFTLENBQUM7SUFDaEIsTUFBTSxjQUFjLEdBQ2xCLGdCQUFnQixJQUFJLFNBQVMsSUFBSSxDQUFDLG1CQUFtQjtRQUNuRCxDQUFDLENBQUMsSUFBQSw4QkFBZSxFQUFDO1lBQ2QsSUFBSSxFQUFFLEdBQUcsTUFBTSxjQUFjO1lBQzdCLFNBQVMsRUFBRSxTQUFVO1lBQ3JCLGFBQWEsRUFBRSxJQUFJO1lBQ25CLEtBQUssRUFBRSxJQUFBLHVCQUFjLEVBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLEVBQUUsRUFBRSxDQUFDO2lCQUMvRCxNQUFNO1NBQ1YsQ0FBQztRQUNKLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFaEIsTUFBTSxFQUFFLEdBQUcsSUFBSSxPQUFPLENBQUMsY0FBYyxDQUNuQyxNQUFNLEVBQ047UUFDRSxNQUFNO1FBQ04sR0FBRyxLQUFLO1FBQ1IsR0FBRyxNQUFNO1FBRVQsZUFBZSxFQUFFLEVBQUUsTUFBTSxFQUFFO1FBQzNCLFFBQVEsRUFBRTtZQUNSLElBQUksRUFBRSxVQUFVO2dCQUNkLENBQUMsQ0FBQyxPQUFPLENBQUMsb0JBQW9CLENBQUMsMkJBQTJCO2dCQUMxRCxDQUFDLENBQUMsT0FBTyxDQUFDLG9CQUFvQixDQUFDLGNBQWM7WUFDL0Msc0JBQXNCLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztTQUNqRTtRQUVELFdBQVcsRUFBRSxNQUFNO1FBQ25CLGNBQWMsRUFBRTtZQUNkLGlCQUFpQixFQUFFLENBQUMsRUFBRSxFQUFFLEVBQUUsR0FBRyxDQUFDLEVBQUUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUM7U0FDbkQ7UUFDRCw0RUFBNEU7UUFDNUUsZUFBZSxFQUFFLEVBQUUsZ0JBQWdCLEVBQUUsSUFBSSxFQUFFO1FBQzNDLFNBQVMsRUFBRTtZQUNULFlBQVksRUFBRSxJQUFJO1lBQ2xCLGFBQWEsRUFBRSxLQUFLLENBQUMsVUFBVTtZQUMvQixhQUFhLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFFN0Isd0JBQXdCLEVBQUUsSUFBSTtZQUM5QiwwQ0FBMEM7WUFDMUMsb0NBQW9DO1lBQ3BDLGtCQUFrQixFQUNoQixNQUFNLEtBQUssT0FBTztnQkFDaEIsQ0FBQyxDQUFDO29CQUNFLDBEQUEwRDtvQkFDMUQsNkJBQTZCLEVBQUUsS0FBSztvQkFDcEMsZ0JBQWdCLEVBQUUsSUFBSTtvQkFDdEIsYUFBYSxFQUFFO3dCQUNiLGNBQWMsRUFDWixPQUFPLENBQUMsd0JBQXdCLENBQUMsbUJBQW1CO3dCQUN0RCwyQkFBMkIsRUFBRTs0QkFDM0Isd0NBQXdDLEVBQUUsSUFBSTs0QkFDOUMsYUFBYSxFQUNYLE9BQU8sQ0FBQyxpREFBaUQ7aUNBQ3RELEtBQUs7eUJBQ1g7d0JBQ0QsU0FBUyxFQUFFLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxtQkFBbUI7cUJBQzdEO2lCQUNGO2dCQUNILENBQUMsQ0FBQyxTQUFTO1lBRWYsb0JBQW9CLEVBQ2xCLE1BQU0sS0FBSyxTQUFTO2dCQUNsQixDQUFDLENBQUM7b0JBQ0Usc0JBQXNCLEVBQUUsSUFBSTtvQkFDNUIsZ0JBQWdCLEVBQUUsSUFBSTtvQkFDdEIsUUFBUSxFQUFFLFFBQVEsRUFBRSxRQUFRO29CQUM1QixhQUFhLEVBQUU7d0JBQ2IsaUJBQWlCLEVBQUUsS0FBSzt3QkFDeEIsY0FBYyxFQUNaLE9BQU8sQ0FBQywwQkFBMEIsQ0FBQyxZQUFZO3dCQUNqRCxTQUFTLEVBQUUsT0FBTyxDQUFDLHVCQUF1QixDQUFDLGFBQWE7cUJBQ3pEO2lCQUNGO2dCQUNILENBQUMsQ0FBQyxTQUFTO1NBQ2hCO1FBQ0QsY0FBYyxFQUFFO1lBQ2QsY0FBYyxFQUFFO2dCQUNkLEdBQUcsS0FBSztnQkFDUixPQUFPLEVBQUUsUUFBUTthQUNsQjtZQUNELE1BQU0sRUFBRTtnQkFDTixJQUFJLEVBQUUsR0FBRyxJQUFJLFFBQVE7Z0JBQ3JCLFVBQVUsRUFBRSxZQUFZO2dCQUN4QixPQUFPLEVBQUUsV0FBVztnQkFDcEIsWUFBWSxFQUFFLFdBQVc7Z0JBQ3pCLE1BQU07Z0JBRU4sa0JBQWtCLEVBQ2hCLGNBQWMsSUFBSSxhQUFhO29CQUM3QixDQUFDLENBQUM7d0JBQ0UsaUJBQWlCLEVBQUUsY0FBYzs0QkFDL0IsQ0FBQyxDQUFDO2dDQUNFLFNBQVMsRUFBRSxjQUFjLENBQUMsRUFBRTtnQ0FDNUIsV0FBVyxFQUFFO29DQUNYLEVBQUUsRUFBRSxTQUFVLENBQUMsRUFBRTtpQ0FDbEI7NkJBQ0Y7NEJBQ0gsQ0FBQyxDQUFDLFNBQVM7d0JBQ2IsZ0JBQWdCLEVBQUUsYUFBYTs0QkFDN0IsQ0FBQyxDQUFDO2dDQUNFLE1BQU0sRUFBRSxhQUFhLENBQUMsR0FBRztnQ0FDekIsV0FBVyxFQUFFO29DQUNYLEVBQUUsRUFBRSxTQUFVLENBQUMsRUFBRTtpQ0FDbEI7NkJBQ0Y7NEJBQ0gsQ0FBQyxDQUFDLFNBQVM7d0JBQ2IsT0FBTyxFQUFFLGdCQUFnQjtxQkFDMUI7b0JBQ0gsQ0FBQyxDQUFDLFNBQVM7Z0JBRWYsV0FBVyxFQUFFO29CQUNYLGlCQUFpQixFQUFFLG1CQUFtQjt3QkFDcEMsQ0FBQyxDQUFDOzRCQUNFLEVBQUUsRUFBRSxtQkFBbUI7eUJBQ3hCO3dCQUNILENBQUMsQ0FBQyxTQUFTO29CQUNiLGtCQUFrQjtpQkFDbkI7YUFDRjtZQUNELFNBQVMsRUFBRSxjQUFjO2dCQUN2QixDQUFDLENBQUM7b0JBQ0U7d0JBQ0UsSUFBSSxFQUFFLEdBQUcsSUFBSSxVQUFVO3dCQUN2QixVQUFVLEVBQUUsY0FBYzt3QkFDMUIsWUFBWSxFQUFFLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxLQUFLO3dCQUNqRCxHQUFHLEVBQUUsQ0FBQzt3QkFFTixXQUFXLEVBQUU7NEJBQ1gsaUJBQWlCLEVBQUUsbUJBQW1CO2dDQUNwQyxDQUFDLENBQUM7b0NBQ0UsRUFBRSxFQUFFLG1CQUFtQjtpQ0FDeEI7Z0NBQ0gsQ0FBQyxDQUFDLFNBQVM7NEJBQ2Isa0JBQWtCO3lCQUNuQjtxQkFDRjtpQkFDRjtnQkFDSCxDQUFDLENBQUMsRUFBRTtTQUNQO1FBQ0Qsa0JBQWtCLEVBQUUsRUFBRSxlQUFlLEVBQUUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEVBQUU7UUFDMUQscUJBQXFCO1FBQ3JCLEVBQUU7UUFDRixzQkFBc0I7UUFDdEIsbUNBQW1DO1FBQ25DLFNBQVM7UUFDVCxLQUFLO1FBQ0wsSUFBSTtLQUNMLEVBQ0Q7UUFDRSxTQUFTO1FBQ1QsYUFBYSxFQUFFO1FBQ2IsMERBQTBEO1FBQzFELDBDQUEwQztRQUMxQyxtQkFBbUI7U0FDcEI7S0FDRixDQUNGLENBQUM7SUFFRixJQUFJLFVBQVUsRUFBRSxDQUFDO1FBQ2YsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQ3hCLElBQUEsbUJBQVMsRUFBQztZQUNSLEdBQUcsRUFBRTtZQUNMLEtBQUs7WUFDTCxNQUFNO1lBQ04sU0FBUyxFQUFFLEVBQUU7U0FDZCxDQUFDLENBQ0gsQ0FBQztJQUNKLENBQUM7SUFDRCxJQUFJLElBQUksRUFBRSxDQUFDO1FBQ1QsSUFBQSxlQUFNLEVBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRCw0REFBNEQ7SUFDNUQsa0JBQWtCO0lBQ2xCLHdCQUF3QjtJQUN4QixrQkFBa0I7SUFDbEIsZ0RBQWdEO0lBQ2hELE9BQU87SUFDUCxJQUFJO0lBRUosZUFBZTtJQUNmLElBQUksUUFBUSxFQUFFLGdCQUFnQixFQUFFLENBQUM7UUFDL0IsSUFBQSx3QkFBYyxFQUFDO1lBQ2IsSUFBSSxFQUFFLHNCQUFzQixNQUFNLEVBQUU7WUFDcEMsS0FBSztZQUNMLElBQUksRUFBRSxRQUFRLENBQUMsZ0JBQWdCO1lBQy9CLFFBQVEsRUFBRSxRQUFRLENBQUMsUUFBUTtZQUMzQixnQkFBZ0IsRUFBRSxFQUFFLENBQUMsRUFBRTtZQUN2QixJQUFJLEVBQUUsdUJBQXVCLEVBQUUsaUZBQWlGO1lBQ2hILFNBQVMsRUFBRSxFQUFFO1NBQ2QsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELFlBQVk7SUFDWixpQ0FBaUM7SUFDakMscUJBQXFCO0lBQ3JCLG9DQUFvQztJQUNwQyxhQUFhO0lBQ2Isb0NBQW9DO0lBQ3BDLG1DQUFtQztJQUNuQywrQkFBK0I7SUFDL0IsZ0hBQWdIO0lBQ2hILHFCQUFxQjtJQUNyQixRQUFRO0lBQ1IsSUFBSTtJQUVKLE9BQU8sRUFBRSxDQUFDO0FBQ1osQ0FBQyxDQUFDIn0=
|
package/VNet/Firewall.d.ts
CHANGED
|
@@ -1,21 +1,22 @@
|
|
|
1
1
|
import * as network from '@pulumi/azure-native/network';
|
|
2
2
|
import * as pulumi from '@pulumi/pulumi';
|
|
3
3
|
import { Input } from '@pulumi/pulumi';
|
|
4
|
-
import {
|
|
4
|
+
import { BasicResourceArgs, LogInfo } from '../types';
|
|
5
5
|
import { FirewallPolicyProps } from './types';
|
|
6
6
|
export interface FwOutboundConfig {
|
|
7
7
|
subnetId: pulumi.Input<string>;
|
|
8
|
-
|
|
8
|
+
/** The IDs of public Ip Address.*/
|
|
9
|
+
publicIpAddressId?: pulumi.Input<string>;
|
|
9
10
|
}
|
|
10
11
|
export type FirewallSkus = {
|
|
11
12
|
name: network.AzureFirewallSkuName;
|
|
12
13
|
tier: network.AzureFirewallSkuTier;
|
|
13
14
|
};
|
|
14
15
|
export interface FirewallProps extends BasicResourceArgs {
|
|
15
|
-
/** The public outbound IP address ignores this property if want to enable the Force Tunneling mode */
|
|
16
|
+
/** The public outbound IP address can be ignores this property if want to enable the Force Tunneling mode */
|
|
16
17
|
outbound: Array<FwOutboundConfig>;
|
|
17
18
|
/** This must be provided if sku is Basic or want to enable the Force Tunneling mode */
|
|
18
|
-
management?: FwOutboundConfig
|
|
19
|
+
management?: Pick<FwOutboundConfig, 'subnetId'>;
|
|
19
20
|
snat?: {
|
|
20
21
|
privateRanges?: Input<string>;
|
|
21
22
|
autoLearnPrivateRanges?: boolean;
|
|
@@ -24,11 +25,12 @@ export interface FirewallProps extends BasicResourceArgs {
|
|
|
24
25
|
policy: FirewallPolicyProps;
|
|
25
26
|
enableDnsProxy?: boolean;
|
|
26
27
|
sku?: FirewallSkus;
|
|
27
|
-
|
|
28
|
+
/**This is required in order to search firewall logs*/
|
|
29
|
+
logInfo?: LogInfo;
|
|
28
30
|
}
|
|
29
31
|
export type FirewallResult = {
|
|
30
32
|
firewall: network.AzureFirewall;
|
|
31
33
|
policy: network.FirewallPolicy | undefined;
|
|
32
34
|
};
|
|
33
|
-
declare const _default: ({ name, group, snat, policy, outbound, management,
|
|
35
|
+
declare const _default: ({ name, group, snat, policy, outbound, management, logInfo, enableDnsProxy, sku, dependsOn, ignoreChanges, }: FirewallProps) => FirewallResult;
|
|
34
36
|
export default _default;
|
package/VNet/Firewall.js
CHANGED
|
@@ -28,29 +28,21 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
28
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
29
|
const network = __importStar(require("@pulumi/azure-native/network"));
|
|
30
30
|
const Common_1 = require("../Common");
|
|
31
|
-
const ResourceCreator_1 = __importDefault(require("../Core/ResourceCreator"));
|
|
32
31
|
const FirewallPolicy_1 = __importStar(require("./FirewallPolicy"));
|
|
33
32
|
const IpAddress_1 = __importDefault(require("./IpAddress"));
|
|
34
|
-
|
|
33
|
+
const Helpers_1 = require("../Logs/Helpers");
|
|
34
|
+
exports.default = ({ name, group, snat, policy, outbound, management, logInfo, enableDnsProxy, sku = {
|
|
35
35
|
name: network.AzureFirewallSkuName.AZFW_VNet,
|
|
36
36
|
tier: network.AzureFirewallSkuTier.Basic,
|
|
37
|
-
},
|
|
38
|
-
// Validation
|
|
39
|
-
if (!Common_1.isDryRun) {
|
|
40
|
-
if (!outbound && !management)
|
|
41
|
-
throw new Error('Management Public Ip Address is required for the Force Tunneling mode.');
|
|
42
|
-
if (sku.tier === network.AzureFirewallSkuTier.Basic && !management)
|
|
43
|
-
throw new Error('Management Subnet is required for Firewall Basic tier.');
|
|
44
|
-
}
|
|
37
|
+
}, dependsOn, ignoreChanges, }) => {
|
|
45
38
|
const fwName = (0, Common_1.getFirewallName)(name);
|
|
46
39
|
//Create Public IpAddress for Management
|
|
47
40
|
const manageIpAddress = management
|
|
48
|
-
?
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
})
|
|
41
|
+
? (0, IpAddress_1.default)({
|
|
42
|
+
name: `${name}-mag`,
|
|
43
|
+
group,
|
|
44
|
+
lock: false,
|
|
45
|
+
})
|
|
54
46
|
: undefined;
|
|
55
47
|
const additionalProperties = {};
|
|
56
48
|
if (enableDnsProxy && sku.tier !== network.AzureFirewallSkuTier.Basic) {
|
|
@@ -78,13 +70,14 @@ exports.default = ({ name, group, snat, policy, outbound, management, monitorCon
|
|
|
78
70
|
: undefined,
|
|
79
71
|
})
|
|
80
72
|
: undefined;
|
|
81
|
-
const
|
|
73
|
+
const firewall = new network.AzureFirewall(fwName, {
|
|
82
74
|
azureFirewallName: fwName,
|
|
83
75
|
...group,
|
|
84
76
|
sku,
|
|
85
77
|
firewallPolicy: fwPolicy ? { id: fwPolicy.id } : undefined,
|
|
86
78
|
zones: Common_1.isPrd ? ['1', '2', '3'] : undefined,
|
|
87
|
-
threatIntelMode: sku.tier !== network.AzureFirewallSkuTier.Basic &&
|
|
79
|
+
threatIntelMode: sku.tier !== network.AzureFirewallSkuTier.Basic &&
|
|
80
|
+
sku.name !== 'AZFW_Hub'
|
|
88
81
|
? network.AzureFirewallThreatIntelMode.Deny
|
|
89
82
|
: undefined,
|
|
90
83
|
managementIpConfiguration: management && manageIpAddress
|
|
@@ -97,23 +90,27 @@ exports.default = ({ name, group, snat, policy, outbound, management, monitorCon
|
|
|
97
90
|
ipConfigurations: outbound
|
|
98
91
|
? outbound.map((o, i) => ({
|
|
99
92
|
name: `outbound-${i}`,
|
|
100
|
-
publicIPAddress: o.
|
|
101
|
-
? { id: o.
|
|
93
|
+
publicIPAddress: o.publicIpAddressId
|
|
94
|
+
? { id: o.publicIpAddressId }
|
|
102
95
|
: undefined,
|
|
103
96
|
subnet: { id: o.subnetId },
|
|
104
97
|
}))
|
|
105
98
|
: undefined,
|
|
106
99
|
additionalProperties,
|
|
107
|
-
|
|
108
|
-
|
|
100
|
+
}, { dependsOn, ignoreChanges });
|
|
101
|
+
if (logInfo) {
|
|
102
|
+
(0, Helpers_1.createDiagnostic)({
|
|
103
|
+
name,
|
|
104
|
+
targetResourceId: firewall.id,
|
|
105
|
+
logInfo,
|
|
109
106
|
logsCategories: [
|
|
110
107
|
'AzureFirewallApplicationRule',
|
|
111
108
|
'AzureFirewallNetworkRule',
|
|
112
109
|
'AzureFirewallDnsProxy',
|
|
113
110
|
],
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
}
|
|
111
|
+
dependsOn: firewall,
|
|
112
|
+
});
|
|
113
|
+
}
|
|
117
114
|
//Link Rule to Policy
|
|
118
115
|
if (fwPolicy && policy?.rules) {
|
|
119
116
|
(0, FirewallPolicy_1.linkRulesToPolicy)({
|
|
@@ -121,9 +118,9 @@ exports.default = ({ name, group, snat, policy, outbound, management, monitorCon
|
|
|
121
118
|
//priority: 201,
|
|
122
119
|
firewallPolicyName: fwPolicy.name,
|
|
123
120
|
rules: policy.rules,
|
|
124
|
-
dependsOn: [fwPolicy,
|
|
121
|
+
dependsOn: [fwPolicy, firewall],
|
|
125
122
|
});
|
|
126
123
|
}
|
|
127
|
-
return { firewall
|
|
124
|
+
return { firewall, policy: fwPolicy };
|
|
128
125
|
};
|
|
129
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
126
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRmlyZXdhbGwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvVk5ldC9GaXJld2FsbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsc0VBQXdEO0FBR3hELHNDQUFtRDtBQUVuRCxtRUFBcUU7QUFFckUsNERBQW9DO0FBQ3BDLDZDQUFtRDtBQWlDbkQsa0JBQWUsQ0FBQyxFQUNkLElBQUksRUFDSixLQUFLLEVBQ0wsSUFBSSxFQUNKLE1BQU0sRUFDTixRQUFRLEVBQ1IsVUFBVSxFQUNWLE9BQU8sRUFDUCxjQUFjLEVBQ2QsR0FBRyxHQUFHO0lBQ0osSUFBSSxFQUFFLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTO0lBQzVDLElBQUksRUFBRSxPQUFPLENBQUMsb0JBQW9CLENBQUMsS0FBSztDQUN6QyxFQUNELFNBQVMsRUFDVCxhQUFhLEdBQ0MsRUFBa0IsRUFBRTtJQUNsQyxNQUFNLE1BQU0sR0FBRyxJQUFBLHdCQUFlLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFckMsd0NBQXdDO0lBQ3hDLE1BQU0sZUFBZSxHQUFHLFVBQVU7UUFDaEMsQ0FBQyxDQUFDLElBQUEsbUJBQVMsRUFBQztZQUNSLElBQUksRUFBRSxHQUFHLElBQUksTUFBTTtZQUNuQixLQUFLO1lBQ0wsSUFBSSxFQUFFLEtBQUs7U0FDWixDQUFDO1FBQ0osQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUVkLE1BQU0sb0JBQW9CLEdBQWtDLEVBQUUsQ0FBQztJQUMvRCxJQUFJLGNBQWMsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUN0RSxvQkFBb0IsQ0FBQyx5QkFBeUIsQ0FBQyxHQUFHLFNBQVMsQ0FBQztJQUM5RCxDQUFDO0lBQ0QsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNULElBQUksSUFBSSxDQUFDLGFBQWE7WUFDcEIsb0JBQW9CLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUM7UUFDMUQsSUFBSSxJQUFJLENBQUMsc0JBQXNCO1lBQzdCLG9CQUFvQixDQUFDLHNCQUFzQixHQUFHLFNBQVMsQ0FBQztRQUMxRCxJQUFJLElBQUksQ0FBQyxhQUFhO1lBQ3BCLG9CQUFvQixDQUFDLHVDQUF1QyxDQUFDO2dCQUMzRCxJQUFJLENBQUMsYUFBYSxDQUFDO0lBQ3pCLENBQUM7SUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNO1FBQ3JCLENBQUMsQ0FBQyxJQUFBLHdCQUFjLEVBQUM7WUFDYixJQUFJO1lBQ0osS0FBSztZQUNMLFlBQVksRUFBRSxNQUFNLENBQUMsY0FBYztZQUNuQyxHQUFHLEVBQUUsR0FBRyxDQUFDLElBQUk7WUFDYixXQUFXLEVBQ1QsR0FBRyxFQUFFLElBQUksS0FBSyxPQUFPO2dCQUNuQixDQUFDLENBQUM7b0JBQ0UsV0FBVyxFQUFFLElBQUk7aUJBQ2xCO2dCQUNILENBQUMsQ0FBQyxTQUFTO1NBQ2hCLENBQUM7UUFDSixDQUFDLENBQUMsU0FBUyxDQUFDO0lBRWQsTUFBTSxRQUFRLEdBQUcsSUFBSSxPQUFPLENBQUMsYUFBYSxDQUN4QyxNQUFNLEVBQ047UUFDRSxpQkFBaUIsRUFBRSxNQUFNO1FBQ3pCLEdBQUcsS0FBSztRQUNSLEdBQUc7UUFDSCxjQUFjLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxRQUFRLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDMUQsS0FBSyxFQUFFLGNBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO1FBRTFDLGVBQWUsRUFDYixHQUFHLENBQUMsSUFBSSxLQUFLLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLO1lBQy9DLEdBQUcsQ0FBQyxJQUFJLEtBQUssVUFBVTtZQUNyQixDQUFDLENBQUMsT0FBTyxDQUFDLDRCQUE0QixDQUFDLElBQUk7WUFDM0MsQ0FBQyxDQUFDLFNBQVM7UUFFZix5QkFBeUIsRUFDdkIsVUFBVSxJQUFJLGVBQWU7WUFDM0IsQ0FBQyxDQUFDO2dCQUNFLElBQUksRUFBRSxZQUFZO2dCQUNsQixlQUFlLEVBQUUsRUFBRSxFQUFFLEVBQUUsZUFBZSxDQUFDLEVBQUUsRUFBRTtnQkFDM0MsTUFBTSxFQUFFLEVBQUUsRUFBRSxFQUFFLFVBQVUsQ0FBQyxRQUFRLEVBQUU7YUFDcEM7WUFDSCxDQUFDLENBQUMsU0FBUztRQUVmLGdCQUFnQixFQUFFLFFBQVE7WUFDeEIsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUN0QixJQUFJLEVBQUUsWUFBWSxDQUFDLEVBQUU7Z0JBQ3JCLGVBQWUsRUFBRSxDQUFDLENBQUMsaUJBQWlCO29CQUNsQyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDLGlCQUFpQixFQUFFO29CQUM3QixDQUFDLENBQUMsU0FBUztnQkFDYixNQUFNLEVBQUUsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDLFFBQVEsRUFBRTthQUMzQixDQUFDLENBQUM7WUFDTCxDQUFDLENBQUMsU0FBUztRQUViLG9CQUFvQjtLQUNyQixFQUNELEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxDQUM3QixDQUFDO0lBRUYsSUFBSSxPQUFPLEVBQUUsQ0FBQztRQUNaLElBQUEsMEJBQWdCLEVBQUM7WUFDZixJQUFJO1lBQ0osZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLEVBQUU7WUFDN0IsT0FBTztZQUNQLGNBQWMsRUFBRTtnQkFDZCw4QkFBOEI7Z0JBQzlCLDBCQUEwQjtnQkFDMUIsdUJBQXVCO2FBQ3hCO1lBQ0QsU0FBUyxFQUFFLFFBQVE7U0FDcEIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELHFCQUFxQjtJQUNyQixJQUFJLFFBQVEsSUFBSSxNQUFNLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDOUIsSUFBQSxrQ0FBaUIsRUFBQztZQUNoQixLQUFLO1lBQ0wsZ0JBQWdCO1lBQ2hCLGtCQUFrQixFQUFFLFFBQVEsQ0FBQyxJQUFJO1lBQ2pDLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSztZQUNuQixTQUFTLEVBQUUsQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDO1NBQ2hDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsQ0FBQztBQUN4QyxDQUFDLENBQUMifQ==
|