@gradientedge/cdk-utils-azure 1.0.0

package/dist/src/common/tagging.js

@@ -0,0 +1,78 @@
+import * as pulumi from '@pulumi/pulumi';
+import { RESOURCES_TO_EXCLUDE_TAGS } from './constants.js';
+/**
+ * @summary Check if a resource type is taggable
+ * @param resourceType The Pulumi resource type (e.g., 'azure-native:resources:ResourceGroup')
+ * @returns True if the resource supports tags, false otherwise
+ */
+export function isTaggableResource(resourceType) {
+    // Extract the resource name from the type (e.g., 'ResourceGroup' from 'azure-native:resources:ResourceGroup')
+    const resourceName = resourceType.split(':').pop() || '';
+    // Check if this resource is in the exclusion list
+    if (RESOURCES_TO_EXCLUDE_TAGS.has(resourceName)) {
+        return false;
+    }
+    // Most Azure resources support tags, but we can add more specific checks here if needed
+    return true;
+}
+/**
+ * @summary Register a stack transformation to automatically apply tags to Azure resources
+ * @param defaultTags The default tags to apply to all resources
+ * @param tagsToIgnore Optional list of tag keys to ignore in lifecycle management
+ * @example
+ * ```typescript
+ * registerTagTransformation({ environment: 'production', team: 'platform' })
+ * ```
+ */
+export function registerTagTransformation(defaultTags, tagsToIgnore = []) {
+    pulumi.runtime.registerStackTransformation((args) => {
+        // Only process taggable resources
+        if (!isTaggableResource(args.type)) {
+            return undefined;
+        }
+        // Check if the resource has a tags property
+        if (!args.props || typeof args.props !== 'object') {
+            return undefined;
+        }
+        // Merge default tags with resource-specific tags (resource tags take precedence)
+        const currentTags = args.props.tags || {};
+        const mergedTags = { ...defaultTags, ...currentTags };
+        // Apply the merged tags
+        const newProps = {
+            ...args.props,
+            tags: mergedTags,
+        };
+        // Handle tag ignores via Pulumi's ignoreChanges option
+        let newOpts = args.opts;
+        if (tagsToIgnore.length > 0) {
+            const ignoreChanges = tagsToIgnore.map(tag => `tags.${tag}`);
+            newOpts = {
+                ...args.opts,
+                ignoreChanges: [...(args.opts?.ignoreChanges || []), ...ignoreChanges],
+            };
+        }
+        return {
+            props: newProps,
+            opts: newOpts,
+        };
+    });
+}
+/**
+ * @summary Helper function to apply tags to a specific resource's properties
+ * @param props The resource properties
+ * @param defaultTags The default tags to merge with existing tags
+ * @returns The properties with merged tags
+ * @example
+ * ```typescript
+ * const resourceGroupProps = applyTags(props, { environment: 'dev' })
+ * ```
+ */
+export function applyTags(props, defaultTags) {
+    return {
+        ...props,
+        tags: {
+            ...defaultTags,
+            ...(props.tags || {}),
+        },
+    };
+}

package/dist/src/common/types.d.ts

@@ -0,0 +1,57 @@
+import { GetComponentOutputArgs } from '@pulumi/azure-native/applicationinsights/index.js';
+import { GetWorkspaceOutputArgs } from '@pulumi/azure-native/operationalinsights/index.js';
+import { BaseProps } from '@gradientedge/cdk-utils-common';
+import { AzureLocation, AzureRemoteBackend } from './constants.js';
+export interface AzureLocationConfig {
+    id: string;
+    name: string;
+}
+/**
+ * @interface CommonAzureStackProps
+ * @description Common properties for Azure stack configuration using Pulumi
+ */
+export interface CommonAzureStackProps extends BaseProps {
+    stackName?: string;
+    resourceGroupName?: string;
+    remoteBackend?: AzureRemoteBackendProps;
+    globalPrefix?: string;
+    globalSuffix?: string;
+    resourcePrefix?: string;
+    resourceSuffix?: string;
+    resourceNameOptions?: {
+        [key: string]: AzureResourceNameFormatterProps;
+    };
+    location: AzureLocation;
+    locationConfig?: Record<AzureLocation, AzureLocationConfig>;
+    locales?: string[];
+    defaultTags?: {
+        [key: string]: string;
+    };
+    commonLogAnalyticsWorkspace?: GetWorkspaceOutputArgs;
+    commonApplicationInsights?: GetComponentOutputArgs;
+    subscriptionId?: string;
+    tenantId?: string;
+    clientId?: string;
+    clientSecret?: string;
+    environment?: string;
+    useOidc?: boolean;
+    oidcRequestToken?: string;
+    oidcRequestUrl?: string;
+    useMsi?: boolean;
+    msiEndpoint?: string;
+}
+export interface AzureRemoteBackendProps {
+    type: AzureRemoteBackend;
+    storageAccountName?: string;
+    containerName?: string;
+    resourceGroupName?: string;
+    subscriptionId?: string;
+    key?: string;
+}
+export interface AzureResourceNameFormatterProps {
+    exclude?: boolean;
+    globalPrefix?: boolean;
+    globalSuffix?: boolean;
+    prefix?: string;
+    suffix?: string;
+}

package/dist/src/common/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/construct/event-handler/index.d.ts

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/construct/event-handler/index.js

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/construct/event-handler/main.d.ts

@@ -0,0 +1,61 @@
+import { GetTopicResult, Topic } from '@pulumi/azure-native/eventgrid/index.js';
+import { Output } from '@pulumi/pulumi';
+import { AzureFunctionApp } from '../function-app/index.js';
+import { AzureEventHandlerProps, EventHandlerEventGridSubscription, EventHandlerServiceBus } from './types.js';
+/**
+ * @classdesc Provides a construct to create and deploy an Azure EventGrid Event Handler with Service Bus integration
+ * @example
+ * import { AzureEventHandler, AzureEventHandlerProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends AzureEventHandler {
+ *   constructor(id: string, props: AzureEventHandlerProps) {
+ *     super(id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export declare class AzureEventHandler extends AzureFunctionApp {
+    props: AzureEventHandlerProps;
+    eventGridEventSubscription: EventHandlerEventGridSubscription;
+    eventGridTopic: Topic | Output<GetTopicResult>;
+    serviceBus: EventHandlerServiceBus;
+    constructor(id: string, props: AzureEventHandlerProps);
+    /**
+     * @summary Initialise and provision resources
+     */
+    initResources(): void;
+    /**
+     * @summary Method to create the dead-letter queue storage account for EventGrid subscriptions
+     */
+    protected createEventGridSubscriptionDlqStorageAccount(): void;
+    /**
+     * @summary Method to create the dead-letter queue storage container for EventGrid subscriptions
+     */
+    protected createEventGridSubscriptionDlqStorageContainer(): void;
+    /**
+     * @summary Method to create the Service Bus namespace
+     */
+    protected createServiceBusNamespace(): void;
+    /**
+     * @summary Method to create the Service Bus queue
+     */
+    protected createServiceBusQueue(): void;
+    /**
+     * @summary Method to create or resolve an existing EventGrid topic
+     */
+    protected createEventGrid(): void;
+    /**
+     * @summary Method to create the EventGrid event subscription with Service Bus queue destination
+     */
+    protected createEventGridEventSubscription(): void;
+    /**
+     * @summary Method to create diagnostic log settings for the Service Bus namespace
+     */
+    protected createServiceBusDiagnosticLog(): void;
+    /**
+     * @summary Method to enable Microsoft Defender malware scanning on the data storage account
+     */
+    protected enableMalwareScanningOnDataStorageAccount(): void;
+}

package/dist/src/construct/event-handler/main.js

@@ -0,0 +1,180 @@
+import { Provider } from '@pulumi/azure-native';
+import { getTopicOutput } from '@pulumi/azure-native/eventgrid/index.js';
+import { AzureFunctionApp } from '../function-app/index.js';
+/**
+ * @classdesc Provides a construct to create and deploy an Azure EventGrid Event Handler with Service Bus integration
+ * @example
+ * import { AzureEventHandler, AzureEventHandlerProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends AzureEventHandler {
+ *   constructor(id: string, props: AzureEventHandlerProps) {
+ *     super(id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export class AzureEventHandler extends AzureFunctionApp {
+    props;
+    eventGridEventSubscription;
+    eventGridTopic;
+    serviceBus;
+    constructor(id, props) {
+        super(id, props);
+        this.props = props;
+        this.id = id;
+    }
+    /**
+     * @summary Initialise and provision resources
+     */
+    initResources() {
+        this.createResourceGroup();
+        this.resolveCommonLogAnalyticsWorkspace();
+        this.resolveApplicationInsights();
+        this.createEventGridSubscriptionDlqStorageAccount();
+        this.createEventGridSubscriptionDlqStorageContainer();
+        this.createServiceBusNamespace();
+        this.createServiceBusQueue();
+        this.createEventGrid();
+        this.createEventGridEventSubscription();
+        this.createServiceBusDiagnosticLog();
+        this.enableMalwareScanningOnDataStorageAccount();
+        super.initResources();
+    }
+    /**
+     * @summary Method to create the dead-letter queue storage account for EventGrid subscriptions
+     */
+    createEventGridSubscriptionDlqStorageAccount() {
+        this.eventGridEventSubscription.dlqStorageAccount = this.storageManager.createStorageAccount(`${this.id}-eventgrid-subscription-dlq-storage-account`, this, {
+            ...this.props.eventGridSubscription.dlqStorageAccount,
+            resourceGroupName: this.resourceGroup.name,
+            location: this.resourceGroup.location,
+        });
+    }
+    /**
+     * @summary Method to create the dead-letter queue storage container for EventGrid subscriptions
+     */
+    createEventGridSubscriptionDlqStorageContainer() {
+        this.eventGridEventSubscription.dlqStorageContainer = this.storageManager.createStorageContainer(`${this.id}-eventgrid-subscription-dlq-container`, this, {
+            ...this.props.eventGridSubscription.dlqStorageContainer,
+            accountName: this.eventGridEventSubscription.dlqStorageAccount.name,
+            containerName: 'eventgrid-subscription-dlq-container',
+            resourceGroupName: this.resourceGroup.name,
+        });
+    }
+    /**
+     * @summary Method to create the Service Bus namespace
+     */
+    createServiceBusNamespace() {
+        this.serviceBus.namespace = this.serviceBusManager.createServiceBusNamespace(this.id, this, {
+            ...this.props.serviceBus.namespace,
+            namespaceName: this.props.serviceBus.namespace.namespaceName ?? this.id,
+            resourceGroupName: this.resourceGroup.name,
+        }, { ignoreChanges: ['location'] });
+        this.registerOutputs({
+            serviceBusNamespaceId: this.serviceBus.namespace.id,
+        });
+    }
+    /**
+     * @summary Method to create the Service Bus queue
+     */
+    createServiceBusQueue() {
+        this.serviceBus.queue = this.serviceBusManager.createServiceBusQueue(this.id, this, {
+            ...this.props.serviceBus.queue,
+            queueName: this.props.serviceBus.queue.queueName ?? this.id,
+            namespaceName: this.serviceBus.namespace.name,
+        });
+        this.registerOutputs({
+            serviceBusQueueId: this.serviceBus.queue.id,
+            serviceBusQueueName: this.serviceBus.queue.name,
+        });
+    }
+    /**
+     * @summary Method to create or resolve an existing EventGrid topic
+     */
+    createEventGrid() {
+        if (!this.props.eventGridTopic.useExistingTopic) {
+            this.eventGridTopic = this.eventgridManager.createEventgridTopic(this.id, this, {
+                ...this.props.eventGridTopic,
+                topicName: this.props.eventGridTopic.topicName ?? this.id,
+                location: this.resourceGroup.location,
+                resourceGroupName: this.resourceGroup.name,
+            }, { protect: true, ignoreChanges: ['location'] });
+            return;
+        }
+        const existingSubscriptionId = this.props.eventGridTopic.existingSubscriptionId;
+        const existingTopicName = this.props.eventGridTopic.existingTopicName;
+        const existingResourceGroupName = this.props.eventGridTopic.existingResourceGroupName;
+        let provider;
+        if (existingSubscriptionId) {
+            provider = new Provider(`${this.id}-${existingSubscriptionId}`, {
+                subscriptionId: existingSubscriptionId,
+            });
+        }
+        if (existingResourceGroupName && existingTopicName) {
+            this.eventGridTopic = getTopicOutput({
+                topicName: existingTopicName,
+                resourceGroupName: existingResourceGroupName,
+            }, { provider });
+        }
+    }
+    /**
+     * @summary Method to create the EventGrid event subscription with Service Bus queue destination
+     */
+    createEventGridEventSubscription() {
+        this.eventGridEventSubscription.eventSubscription = this.eventgridManager.createEventgridSubscription(this.id, this, {
+            ...this.props.eventGridEventSubscription,
+            eventSubscriptionName: this.props.eventGridEventSubscription.eventSubscriptionName ?? this.id,
+            scope: this.eventGridTopic.id,
+            destination: {
+                endpointType: 'ServiceBusQueue',
+                resourceId: this.serviceBus.queue.id,
+            },
+            deadLetterDestination: {
+                blobContainerName: this.eventGridEventSubscription.dlqStorageContainer.name,
+                endpointType: 'StorageBlob',
+                resourceId: this.eventGridEventSubscription.dlqStorageAccount.id,
+            },
+        }, { dependsOn: [this.eventGridTopic] });
+    }
+    /**
+     * @summary Method to create diagnostic log settings for the Service Bus namespace
+     */
+    createServiceBusDiagnosticLog() {
+        this.monitorManager.createMonitorDiagnosticSettings(this.id, this, {
+            name: `${this.props.stackName}-servicebus`,
+            resourceUri: this.serviceBus.namespace.id,
+            workspaceId: this.commonLogAnalyticsWorkspace.id,
+            logAnalyticsDestinationType: 'Dedicated',
+            logs: [
+                {
+                    categoryGroup: 'allLogs',
+                    enabled: true,
+                },
+            ],
+            metrics: [
+                {
+                    category: 'AllMetrics',
+                    enabled: true,
+                },
+            ],
+        });
+    }
+    /**
+     * @summary Method to enable Microsoft Defender malware scanning on the data storage account
+     */
+    enableMalwareScanningOnDataStorageAccount() {
+        if (!this.props.defender)
+            return;
+        this.securityCentermanager.createDefenderForStorage(`${this.id}-data-storage-defender`, this, {
+            ...this.props.defender,
+            resourceId: this.dataStorageAccount.id,
+            properties: {
+                malwareScanning: {
+                    scanResultsEventGridTopicResourceId: this.eventGridTopic.id,
+                },
+            },
+        });
+    }
+}

package/dist/src/construct/event-handler/types.d.ts

@@ -0,0 +1,35 @@
+import { EventSubscription } from '@pulumi/azure-native/eventgrid/index.js';
+import { Namespace, Queue } from '@pulumi/azure-native/servicebus/index.js';
+import { BlobContainer, StorageAccount } from '@pulumi/azure-native/storage/index.js';
+import { DefenderForStorageProps, EventgridEventSubscriptionProps, EventgridTopicProps, ServiceBusNamespaceProps, ServiceBusQueueProps, StorageAccountProps, StorageContainerProps } from '../../services/index.js';
+import { AzureFunctionAppProps } from '../function-app/index.js';
+export interface EventHandlerEventGridSubscriptionProps {
+    dlqStorageAccount: StorageAccountProps;
+    dlqStorageContainer: StorageContainerProps;
+}
+export interface EventHandlerEventGridSubscription {
+    dlqStorageAccount: StorageAccount;
+    dlqStorageContainer: BlobContainer;
+    eventSubscription: EventSubscription;
+}
+export interface EventHandlerServiceBusProps {
+    namespace: ServiceBusNamespaceProps;
+    queue: ServiceBusQueueProps;
+}
+export interface EventHandlerServiceBus {
+    namespace: Namespace;
+    queue: Queue;
+}
+export interface EventHandlerEventGridTopicProps extends EventgridTopicProps {
+    useExistingTopic: boolean;
+    existingSubscriptionId?: string;
+    existingTopicName?: string;
+    existingResourceGroupName?: string;
+}
+export interface AzureEventHandlerProps extends AzureFunctionAppProps {
+    defender?: DefenderForStorageProps;
+    eventGridEventSubscription: EventgridEventSubscriptionProps;
+    eventGridSubscription: EventHandlerEventGridSubscriptionProps;
+    eventGridTopic: EventHandlerEventGridTopicProps;
+    serviceBus: EventHandlerServiceBusProps;
+}

package/dist/src/construct/event-handler/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/construct/function-app/index.d.ts

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/construct/function-app/index.js

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/construct/function-app/main.d.ts

@@ -0,0 +1,128 @@
+import * as archive from '@pulumi/archive';
+import { ConfigurationStore, GetConfigurationStoreResult } from '@pulumi/azure-native/appconfiguration/index.js';
+import { GetComponentResult } from '@pulumi/azure-native/applicationinsights/index.js';
+import { Dashboard } from '@pulumi/azure-native/portal/index.js';
+import { BlobContainer, StorageAccount } from '@pulumi/azure-native/storage/index.js';
+import { AppServicePlan, WebApp } from '@pulumi/azure-native/web/index.js';
+import { Output, ResourceOptions } from '@pulumi/pulumi';
+import { CommonAzureConstruct } from '../../common/index.js';
+import { AzureFunctionAppProps } from './types.js';
+/**
+ * @classdesc Provides a construct to create and deploy an Azure Function App with Flex Consumption hosting
+ * @example
+ * import { AzureFunctionApp, AzureFunctionAppProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends AzureFunctionApp {
+ *   constructor(id: string, props: AzureFunctionAppProps) {
+ *     super(id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export declare class AzureFunctionApp extends CommonAzureConstruct {
+    props: AzureFunctionAppProps;
+    app: WebApp;
+    appServicePlan: AppServicePlan;
+    appEnvironmentVariables: Record<string, any>;
+    appStorageAccount: StorageAccount;
+    appDeploymentStorageContainer: BlobContainer;
+    appStorageContainer: BlobContainer;
+    appConfig: ConfigurationStore | Output<GetConfigurationStoreResult>;
+    appCodeArchiveFile: Output<archive.GetFileResult>;
+    appConfigHash: string;
+    appKeyVaultsByResourceGroup: Map<string, Set<string>>;
+    appConnectionStrings: any[];
+    appConfigPrefix?: string;
+    appConfigurationsParsedConfig: any;
+    appConfigurationsOriginalParsedConfig: any;
+    dataStorageAccount: StorageAccount;
+    dataStorageContainer: BlobContainer;
+    applicationInsights: Output<GetComponentResult>;
+    functionDashboard: Dashboard;
+    constructor(id: string, props: AzureFunctionAppProps);
+    /**
+     * @summary Initialise and provision resources
+     */
+    initResources(): void;
+    /**
+     * @summary Method to resolve the Application Insights instance
+     */
+    protected resolveApplicationInsights(): void;
+    /**
+     * @summary Method to create the App Service Plan for the function app
+     */
+    protected createAppServicePlan(): void;
+    /**
+     * @summary Method to create parsed app configurations
+     * - To be implemented in the overriding method in the implementation class
+     */
+    protected createdParsedAppConfigurations(): void;
+    /**
+     * @summary Method to create or resolve the App Configuration store
+     */
+    protected createAppConfiguration(): void;
+    /**
+     * @summary Method to create app configurations
+     * - To be implemented in the overriding method in the implementation class
+     */
+    protected createAppConfigurations(): void;
+    /**
+     * @summary Method to create the storage account for the function app
+     */
+    protected createStorageAccount(): void;
+    /**
+     * @summary Method to create the storage deployment container for the function app
+     */
+    protected createStorageDeploymentContainer(): void;
+    /**
+     * @summary Method to create the storage container for the function app
+     */
+    protected createStorageContainer(): void;
+    /**
+     * @summary Method to create the data storage account
+     */
+    protected createDataStorageAccount(): void;
+    /**
+     * @summary Method to create the data storage container
+     */
+    protected createDataStorageContainer(): void;
+    /**
+     * @summary Method to generate a SAS token for the storage container and store it in Key Vault
+     */
+    protected generateStorageContainerSas(): void;
+    /**
+     * @summary Method to create and configure the function host.json
+     */
+    protected createFunctionHosts(): void;
+    /**
+     * @summary Method to create the code package archive for deployment
+     */
+    protected createCodePackage(): void;
+    /**
+     * @summary Method to create the function app site configuration
+     * - To be implemented in the overriding method in the implementation class
+     */
+    protected createFunctionAppSiteConfig(): void;
+    /**
+     * @summary Method to create the Azure Function App with Flex Consumption hosting
+     */
+    protected createFunctionApp(resourceOptions?: ResourceOptions): void;
+    /**
+     * @summary Method to get the function app managed identity principal ID
+     */
+    protected getFunctionAppPrincipalId(): Output<string>;
+    /**
+     * @summary Method to create role assignments for the function app identity
+     */
+    protected createRoleAssignments(): void;
+    /**
+     * @summary Method to get the dashboard template variables
+     */
+    protected dashboardVariables(): Record<string, any>;
+    /**
+     * @summary Method to create the Azure Portal dashboard for the function app
+     */
+    protected createFunctionDashboard(): void;
+}