@gradientedge/cdk-utils-azure 1.0.0

package/dist/src/construct/function-app/main.js

@@ -0,0 +1,374 @@
+import * as archive from '@pulumi/archive';
+import { getConfigurationStoreOutput, } from '@pulumi/azure-native/appconfiguration/index.js';
+import { getComponentOutput } from '@pulumi/azure-native/applicationinsights/index.js';
+import { SkuFamily, SkuName } from '@pulumi/azure-native/keyvault/index.js';
+import { listStorageAccountKeysOutput } from '@pulumi/azure-native/storage/index.js';
+import { AuthenticationType, FunctionsDeploymentStorageType, } from '@pulumi/azure-native/web/index.js';
+import * as pulumi from '@pulumi/pulumi';
+import fs from 'fs';
+import _ from 'lodash';
+import * as path from 'path';
+import { CommonAzureConstruct } from '../../common/index.js';
+import { CosmosRoleDefinition } from '../../services/cosmosdb/constants.js';
+import { AzureAppConfigurationManager, RoleDefinitionId } from '../../services/index.js';
+/**
+ * @classdesc Provides a construct to create and deploy an Azure Function App with Flex Consumption hosting
+ * @example
+ * import { AzureFunctionApp, AzureFunctionAppProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends AzureFunctionApp {
+ *   constructor(id: string, props: AzureFunctionAppProps) {
+ *     super(id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export class AzureFunctionApp extends CommonAzureConstruct {
+    props;
+    app;
+    appServicePlan;
+    appEnvironmentVariables = {};
+    appStorageAccount;
+    appDeploymentStorageContainer;
+    appStorageContainer;
+    appConfig;
+    appCodeArchiveFile;
+    appConfigHash;
+    appKeyVaultsByResourceGroup;
+    appConnectionStrings;
+    appConfigPrefix;
+    appConfigurationsParsedConfig;
+    appConfigurationsOriginalParsedConfig;
+    dataStorageAccount;
+    dataStorageContainer;
+    applicationInsights;
+    functionDashboard;
+    constructor(id, props) {
+        super(id, props);
+        this.props = props;
+        this.id = id;
+    }
+    /**
+     * @summary Initialise and provision resources
+     */
+    initResources() {
+        this.createResourceGroup();
+        this.resolveCommonLogAnalyticsWorkspace();
+        this.resolveApplicationInsights();
+        this.createAppServicePlan();
+        this.createdParsedAppConfigurations();
+        this.createAppConfiguration();
+        this.createAppConfigurations();
+        this.createStorageAccount();
+        this.createStorageDeploymentContainer();
+        this.createStorageContainer();
+        this.createDataStorageAccount();
+        this.createDataStorageContainer();
+        this.generateStorageContainerSas();
+        this.createFunctionHosts();
+        this.createCodePackage();
+        this.createFunctionAppSiteConfig();
+        this.createFunctionApp();
+        this.createRoleAssignments();
+        this.createFunctionDashboard();
+    }
+    /**
+     * @summary Method to resolve the Application Insights instance
+     */
+    resolveApplicationInsights() {
+        if (!this.props.commonApplicationInsights || !this.props.commonApplicationInsights.resourceName)
+            return;
+        this.applicationInsights = getComponentOutput({
+            resourceName: this.props.commonApplicationInsights.resourceName,
+            resourceGroupName: this.props.commonApplicationInsights.resourceGroupName,
+        });
+    }
+    /**
+     * @summary Method to create the App Service Plan for the function app
+     */
+    createAppServicePlan() {
+        this.appServicePlan = this.appServiceManager.createAppServicePlan(`${this.id}-app-service-plan`, this, {
+            ...this.props.functionApp.servicePlan,
+            name: this.id,
+            resourceGroupName: this.resourceGroup.name,
+            location: this.resourceGroup.location,
+        });
+    }
+    /**
+     * @summary Method to create parsed app configurations
+     * - To be implemented in the overriding method in the implementation class
+     */
+    createdParsedAppConfigurations() { }
+    /**
+     * @summary Method to create or resolve the App Configuration store
+     */
+    createAppConfiguration() {
+        if (this.props.functionApp.appConfiguration) {
+            this.appConfig = this.appConfigurationManager.createConfigurationStore(`${this.id}-app-configuration`, this, {
+                ...this.props.functionApp.appConfiguration,
+                resourceGroupName: this.resourceGroup.name,
+                location: this.resourceGroup.location,
+            });
+        }
+        else if (!this.props.useConfigOverride) {
+            this.appConfig = getConfigurationStoreOutput({
+                configStoreName: this.props.existingConfigStoreName,
+                resourceGroupName: this.props.existingConfigStoreResourceGroupName,
+            });
+        }
+        this.appConfigPrefix = _.camelCase(this.id);
+    }
+    /**
+     * @summary Method to create app configurations
+     * - To be implemented in the overriding method in the implementation class
+     */
+    createAppConfigurations() { }
+    /**
+     * @summary Method to create the storage account for the function app
+     */
+    createStorageAccount() {
+        this.appStorageAccount = this.storageManager.createStorageAccount(`${this.id}-storage-account`, this, {
+            ...this.props.functionApp.storageAccount,
+            location: this.resourceGroup.location,
+            resourceGroupName: this.resourceGroup.name,
+        });
+    }
+    /**
+     * @summary Method to create the storage deployment container for the function app
+     */
+    createStorageDeploymentContainer() {
+        this.appDeploymentStorageContainer = this.storageManager.createStorageContainer(`${this.id}-storage-deployment-container`, this, {
+            ...this.props.functionApp.deploymentStorageContainer,
+            accountName: this.appStorageAccount.name,
+            resourceGroupName: this.resourceGroup.name,
+        });
+    }
+    /**
+     * @summary Method to create the storage container for the function app
+     */
+    createStorageContainer() {
+        if (!this.props.functionApp.storageContainer)
+            return;
+        this.appStorageContainer = this.storageManager.createStorageContainer(`${this.id}-storage-container`, this, {
+            ...this.props.functionApp.storageContainer,
+            accountName: this.appStorageAccount.name,
+            resourceGroupName: this.resourceGroup.name,
+        });
+        this.appEnvironmentVariables = {
+            ...this.appEnvironmentVariables,
+            AZURE_STORAGE_ACCOUNT_NAME: this.appStorageAccount.name,
+        };
+    }
+    /**
+     * @summary Method to create the data storage account
+     */
+    createDataStorageAccount() {
+        if (!this.props.dataStorageAccount)
+            return;
+        this.dataStorageAccount = this.storageManager.createStorageAccount(`${this.id}-data-storage-account`, this, {
+            ...this.props.dataStorageAccount,
+            resourceGroupName: this.resourceGroup.name,
+            location: this.resourceGroup.location,
+        });
+        this.appEnvironmentVariables = {
+            ...this.appEnvironmentVariables,
+            AZURE_STORAGE_ACCOUNT_NAME: this.dataStorageAccount.name,
+        };
+    }
+    /**
+     * @summary Method to create the data storage container
+     */
+    createDataStorageContainer() {
+        if (!this.props.dataStorageContainer)
+            return;
+        this.dataStorageContainer = this.storageManager.createStorageContainer(`${this.id}-data-storage-container`, this, {
+            ...this.props.dataStorageContainer,
+            accountName: this.dataStorageAccount.name,
+            resourceGroupName: this.resourceGroup.name,
+        });
+    }
+    /**
+     * @summary Method to generate a SAS token for the storage container and store it in Key Vault
+     */
+    generateStorageContainerSas() {
+        if (!this.props.dataStorageContainerSas)
+            return;
+        const sasToken = this.storageManager.generateContainerSasToken(`${this.id}-storage-container`, this, this.props.dataStorageContainerSas, this.dataStorageAccount);
+        const keyVault = this.keyVaultManager.createKeyVault(`${this.id}`, this, {
+            vaultName: this.props.dataKeyVaultName,
+            location: this.resourceGroup.location,
+            resourceGroupName: this.resourceGroup.name,
+            properties: {
+                sku: {
+                    name: SkuName.Standard,
+                    family: SkuFamily.A,
+                },
+                tenantId: this.props.tenantId ?? '',
+            },
+        }, { ignoreChanges: ['location'] });
+        this.monitorManager.createMonitorDiagnosticSettings(`${this.id}-${this.props.dataKeyVaultName}`, this, {
+            name: `${this.props.dataKeyVaultName}-keyvault`,
+            resourceUri: keyVault.id,
+            workspaceId: this.commonLogAnalyticsWorkspace.id,
+            logAnalyticsDestinationType: 'Dedicated',
+            logs: [
+                {
+                    categoryGroup: 'allLogs',
+                    enabled: true,
+                },
+            ],
+            metrics: [
+                {
+                    category: 'AllMetrics',
+                    enabled: true,
+                },
+            ],
+        });
+        this.keyVaultManager.createKeyVaultSecret(`${this.id}-sas-token-secret`, this, {
+            vaultName: keyVault.name,
+            secretName: this.props.dataKeyVaultSecretName,
+            resourceGroupName: this.resourceGroup.name,
+            properties: {
+                value: sasToken,
+            },
+        });
+    }
+    /**
+     * @summary Method to create and configure the function host.json
+     */
+    createFunctionHosts() {
+        const currentDirectory = path.resolve();
+        const hostsJsonFile = `${currentDirectory}/${this.props.functionApp.deploySource}/host.json`;
+        if (!fs.existsSync(hostsJsonFile))
+            return;
+        const sourceHostsConfig = JSON.parse(fs.readFileSync(hostsJsonFile).toString('utf-8'));
+        const hostsConfig = _.merge(sourceHostsConfig, this.props.hostsConfiguration, this.props.functionApp.hostsConfiguration);
+        fs.writeFileSync(hostsJsonFile, JSON.stringify(hostsConfig, null, 2));
+    }
+    /**
+     * @summary Method to create the code package archive for deployment
+     */
+    createCodePackage() {
+        const currentDirectory = path.resolve();
+        this.appCodeArchiveFile = archive.getFileOutput({
+            type: 'zip',
+            sourceDir: `${currentDirectory}/${this.props.functionApp.deploySource}`,
+            outputPath: `${currentDirectory}/${this.props.functionApp.deploySource}/${this.props.functionApp.packageName}`,
+            excludes: ['*.zip'],
+        });
+    }
+    /**
+     * @summary Method to create the function app site configuration
+     * - To be implemented in the overriding method in the implementation class
+     */
+    createFunctionAppSiteConfig() { }
+    /**
+     * @summary Method to create the Azure Function App with Flex Consumption hosting
+     */
+    createFunctionApp(resourceOptions) {
+        this.app = this.functionManager.createFunctionAppFlexConsumption(`${this.id}-function-app-flex`, this, {
+            ...this.props.functionApp,
+            name: this.props.functionApp.app.name ?? this.id,
+            serverFarmId: this.appServicePlan.id,
+            resourceGroupName: this.resourceGroup.name,
+            functionAppConfig: {
+                deployment: {
+                    storage: {
+                        type: FunctionsDeploymentStorageType.BlobContainer,
+                        value: pulumi.interpolate `${this.appStorageAccount.primaryEndpoints.apply(e => e?.blob)}${this.appDeploymentStorageContainer.name}`,
+                        authentication: {
+                            type: AuthenticationType.StorageAccountConnectionString,
+                            storageAccountConnectionStringName: 'AzureWebJobsStorage',
+                        },
+                    },
+                },
+            },
+            siteConfig: {
+                appSettings: [
+                    ..._.map(this.appEnvironmentVariables, (value, name) => ({ name, value })),
+                    {
+                        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING',
+                        value: this.applicationInsights.connectionString,
+                    },
+                    {
+                        name: 'APPINSIGHTS_INSTRUMENTATIONKEY',
+                        value: this.applicationInsights.instrumentationKey,
+                    },
+                    {
+                        name: 'AzureWebJobsStorage',
+                        value: pulumi.interpolate `DefaultEndpointsProtocol=https;AccountName=${this.appStorageAccount.name};AccountKey=${listStorageAccountKeysOutput({
+                            resourceGroupName: this.resourceGroup.name,
+                            accountName: this.appStorageAccount.name,
+                        }).keys[0].value};EndpointSuffix=core.windows.net`,
+                    },
+                ],
+                connectionStrings: Object.fromEntries(this.appConnectionStrings.map(cs => [cs.name, { type: cs.type, value: cs.value }])),
+            },
+            httpsOnly: this.props.functionApp.app.httpsOnly ?? true,
+        }, { ...resourceOptions });
+    }
+    /**
+     * @summary Method to get the function app managed identity principal ID
+     */
+    getFunctionAppPrincipalId() {
+        return this.app.identity.apply(identity => (identity?.principalId ? identity.principalId : ''));
+    }
+    /**
+     * @summary Method to create role assignments for the function app identity
+     */
+    createRoleAssignments() {
+        if (this.props.dataStorageAccount) {
+            this.authorisationManager.grantRoleAssignmentToStorageAccount(`${this.id}-data`, this, this.dataStorageAccount.id, this.getFunctionAppPrincipalId(), RoleDefinitionId.STORAGE_BLOB_DATA_CONTRIBUTOR);
+        }
+        this.authorisationManager.grantRoleAssignmentToStorageAccount(this.id, this, this.appStorageAccount.id, this.getFunctionAppPrincipalId(), RoleDefinitionId.STORAGE_BLOB_DATA_CONTRIBUTOR);
+        if (!this.props.useConfigOverride) {
+            this.authorisationManager.grantRoleAssignmentToApplicationConfiguration(this.id, this, this.appConfig.id, this.getFunctionAppPrincipalId(), RoleDefinitionId.APP_CONFIGURATION_DATA_READER);
+        }
+        if (this.appConfigurationsParsedConfig &&
+            AzureAppConfigurationManager.hasCosmosDependencies(this.appConfigurationsParsedConfig)) {
+            this.cosmosDbManager.grantSqlRoleDefinitionToAccount(this.id, this, this.props.existingCosmosAccountName, this.props.existingCosmosAccountResourceGroupName, this.getFunctionAppPrincipalId(), [CosmosRoleDefinition.CONTRIBUTOR, CosmosRoleDefinition.READER]);
+        }
+        if (this.appKeyVaultsByResourceGroup && this.appKeyVaultsByResourceGroup.size > 0) {
+            this.appKeyVaultsByResourceGroup.forEach((keyVaultNames, resourceGroup) => {
+                keyVaultNames.forEach(keyVaultName => {
+                    this.authorisationManager.grantRoleAssignmentToKeyVault(this.id, this, keyVaultName, resourceGroup, this.getFunctionAppPrincipalId(), RoleDefinitionId.KEY_VAULT_SECRETS_USER);
+                });
+            });
+        }
+        if (AzureAppConfigurationManager.hasEventGridTargets(this.appConfigurationsParsedConfig)) {
+            this.authorisationManager.grantRoleAssignmentToEventgridTopic(this.id, this, this.props.existingTopicName, this.props.existingTopicResourceGroupName, this.getFunctionAppPrincipalId(), RoleDefinitionId.EVENTGRID_DATA_SENDER);
+        }
+    }
+    /**
+     * @summary Method to get the dashboard template variables
+     */
+    dashboardVariables() {
+        return {
+            displayName: this.props.functionApp.dashboard.displayName,
+            name: this.id,
+            subscriptionId: this.props.subscriptionId,
+            functionAppName: this.app.name,
+            functionAppResourceGroupName: this.resourceGroup.name,
+            insightsAppName: this.applicationInsights.name,
+            insightsAppResourceGroupName: this.props.commonLogAnalyticsWorkspace?.resourceGroupName,
+        };
+    }
+    /**
+     * @summary Method to create the Azure Portal dashboard for the function app
+     */
+    createFunctionDashboard() {
+        if (!this.props.functionApp.dashboard?.enabled)
+            return;
+        this.functionDashboard = this.portalManager.createDashBoard(`${this.id}-dsh`, this, {
+            displayName: this.props.functionApp.dashboard.displayName,
+            location: this.props.locationConfig?.[this.props.location].name,
+            dashboardName: this.id,
+            resourceGroupName: this.resourceGroup.name,
+            variables: this.dashboardVariables(),
+            panes: this.props.functionApp.dashboard.panes,
+            properties: this.appConfigurationsOriginalParsedConfig.appConfig,
+        });
+    }
+}

package/dist/src/construct/function-app/types.d.ts

@@ -0,0 +1,33 @@
+import { AppConfigurationProps, CommonAzureStackProps, ContainerSasTokenProps, FunctionAppFlexConsumptionProps, PortalDashboardProps, ServicePlanProps, StorageAccountProps, StorageContainerProps } from '../../index.js';
+export interface OtelProps {
+    otelTracesSamplerArg: string;
+}
+export interface FunctionAppProperties {
+    app: FunctionAppFlexConsumptionProps;
+    appConfiguration: AppConfigurationProps;
+    dashboard: PortalDashboardProps;
+    deploymentStorageContainer: StorageContainerProps;
+    deploySource: string;
+    hostsConfiguration?: string;
+    packageName: string;
+    servicePlan: ServicePlanProps;
+    storageAccount: StorageAccountProps;
+    storageContainer: StorageContainerProps;
+    timerTriggerCronExpression: string;
+}
+export interface AzureFunctionAppProps extends CommonAzureStackProps {
+    existingTopicName: string;
+    existingTopicResourceGroupName: string;
+    existingCosmosAccountResourceGroupName: string;
+    existingCosmosAccountName: string;
+    hostsConfiguration: any;
+    existingConfigStoreResourceGroupName: string;
+    existingConfigStoreName: string;
+    functionApp: FunctionAppProperties;
+    useConfigOverride?: boolean;
+    dataStorageContainer: StorageContainerProps;
+    dataStorageAccount: StorageAccountProps;
+    dataStorageContainerSas: ContainerSasTokenProps;
+    dataKeyVaultName: string;
+    dataKeyVaultSecretName: string;
+}

package/dist/src/construct/function-app/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/construct/index.d.ts

@@ -0,0 +1,6 @@
+export * from './event-handler/index.js';
+export * from './function-app/index.js';
+export * from './rest-api-function/index.js';
+export * from './rest-api-with-cache/index.js';
+export * from './rest-api/index.js';
+export * from './site-with-webapp/index.js';

package/dist/src/construct/index.js

@@ -0,0 +1,6 @@
+export * from './event-handler/index.js';
+export * from './function-app/index.js';
+export * from './rest-api-function/index.js';
+export * from './rest-api-with-cache/index.js';
+export * from './rest-api/index.js';
+export * from './site-with-webapp/index.js';

package/dist/src/construct/rest-api/index.d.ts

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/construct/rest-api/index.js

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/construct/rest-api/main.d.ts

@@ -0,0 +1,64 @@
+import { GetComponentResult } from '@pulumi/azure-native/applicationinsights/index.js';
+import { Output } from '@pulumi/pulumi';
+import { CommonAzureConstruct } from '../../common/index.js';
+import { AzureApi, AzureRestApiProps } from './types.js';
+/**
+ * @classdesc Provides a construct to create and deploy an Azure API Management service with diagnostics and logging
+ * @example
+ * import { AzureRestApi, AzureRestApiProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends AzureRestApi {
+ *   constructor(id: string, props: AzureRestApiProps) {
+ *     super(id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export declare class AzureRestApi extends CommonAzureConstruct {
+    props: AzureRestApiProps;
+    api: AzureApi;
+    applicationInsights: Output<GetComponentResult>;
+    constructor(id: string, props: AzureRestApiProps);
+    /**
+     * @summary Initialise and provision resources
+     */
+    initResources(): void;
+    /**
+     * @summary Method to resolve the API authentication Key Vault
+     */
+    protected resolveApiKeyVault(): void;
+    /**
+     * @summary Method to resolve the Application Insights instance
+     */
+    protected resolveApplicationInsights(): void;
+    /**
+     * @summary Method to create or resolve an existing API Management service
+     */
+    protected createApiManagement(): void;
+    /**
+     * @summary Method to create the Key Vault role assignment for the API Management identity
+     */
+    protected createNamespaceSecretRole(): void;
+    /**
+     * @summary Method to create the namespace secret in Key Vault for Application Insights
+     */
+    protected createNamespaceSecret(): void;
+    /**
+     * @summary Method to create the API Management subscription and store the key in Key Vault
+     */
+    protected createSubscriptionKeySecret(): void;
+    /**
+     * @summary Method to create the API Management logger with Application Insights integration
+     */
+    protected createApiManagementLogger(): void;
+    /**
+     * @summary Method to create the API diagnostic settings for API Management
+     */
+    protected createApiDiagnostic(): void;
+    /**
+     * @summary Method to create the Monitor diagnostic log settings for API Management
+     */
+    protected createDiagnosticLog(): void;
+}