@gradientedge/cdk-utils-azure 1.0.0

package/dist/src/services/application-insights/main.js

@@ -0,0 +1,68 @@
+import { ApplicationType, Component, ComponentCurrentBillingFeature, } from '@pulumi/azure-native/applicationinsights/index.js';
+/**
+ * @classdesc Provides operations on Azure Application Insights using Pulumi
+ * - A new instance of this class is injected into {@link CommonAzureConstruct} constructor.
+ * - If a custom construct extends {@link CommonAzureConstruct}, an instance is available within the context.
+ * @example
+ * ```typescript
+ * import { CommonAzureConstruct, CommonAzureStackProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonAzureConstruct {
+ *   constructor(name: string, props: CommonAzureStackProps) {
+ *     super(name, props)
+ *     this.props = props
+ *     this.applicationInsightsManager.createApplicationInsights('MyApplicationInsights', this, props)
+ *   }
+ * }
+ * ```
+ */
+export class AzureApplicationInsightsManager {
+    /**
+     * @summary Method to create a new application insights component
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props application insights component properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native Application Insights Component]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/insights/component/}
+     */
+    createComponent(id, scope, props, resourceOptions) {
+        if (!props)
+            throw `Props undefined for ${id}`;
+        // Get resource group name
+        const resourceGroupName = scope.props.resourceGroupName
+            ? `${scope.props.resourceGroupName}-${scope.props.stage}`
+            : props.resourceGroupName;
+        if (!resourceGroupName)
+            throw `Resource group name undefined for ${id}`;
+        const component = new Component(`${id}-ai`, {
+            ...props,
+            resourceName: scope.resourceNameFormatter.format(props.resourceName?.toString(), scope.props.resourceNameOptions?.applicationInsights),
+            resourceGroupName: resourceGroupName,
+            applicationType: props.applicationType ?? ApplicationType.Web,
+            kind: props.kind ?? 'web',
+            tags: props.tags ?? {
+                environment: scope.props.stage,
+            },
+        }, { parent: scope, ...resourceOptions });
+        if (props.billingFeatures) {
+            this.createComponentCurrentBillingFeature(`${id}-billing`, scope, props.billingFeatures, {
+                parent: scope,
+                ...resourceOptions,
+            });
+        }
+        return component;
+    }
+    /**
+     * @summary Method to create a new application insights component billing feature
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props application insights properties component billing featureø
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native Application Insights Billing Feature]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/insights/componentcurrentbillingfeature/}
+     */
+    createComponentCurrentBillingFeature(id, scope, props, resourceOptions) {
+        if (!props)
+            throw `Props undefined for ${id}`;
+        return new ComponentCurrentBillingFeature(`${id}`, props, { parent: scope, ...resourceOptions });
+    }
+}

package/dist/src/services/application-insights/types.d.ts

@@ -0,0 +1,6 @@
+import { ComponentArgs, ComponentCurrentBillingFeatureArgs } from '@pulumi/azure-native/applicationinsights/index.js';
+export interface ComponentCurrentBillingFeatureProps extends ComponentCurrentBillingFeatureArgs {
+}
+export interface ApplicationInsightsProps extends ComponentArgs {
+    billingFeatures?: ComponentCurrentBillingFeatureProps;
+}

package/dist/src/services/application-insights/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/services/authorisation/constants.d.ts

@@ -0,0 +1,13 @@
+/**
+ * @summary Enumerations for publicly available built in RBAC roles
+ * @see https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
+ */
+export declare enum RoleDefinitionId {
+    APP_CONFIGURATION_DATA_READER = "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
+    APP_CONFIGURATION_DATA_OWNER = "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
+    EVENTGRID_DATA_SENDER = "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7",
+    KEY_VAULT_CERTIFICATE_USER = "/providers/Microsoft.Authorization/roleDefinitions/db79e9a7-68ee-4b58-9aeb-b90e7c24fcba",
+    KEY_VAULT_SECRETS_USER = "/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6",
+    STORAGE_BLOB_DATA_CONTRIBUTOR = "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
+    STORAGE_TABLE_DATA_CONTRIBUTOR = "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3"
+}

package/dist/src/services/authorisation/constants.js

@@ -0,0 +1,14 @@
+/**
+ * @summary Enumerations for publicly available built in RBAC roles
+ * @see https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
+ */
+export var RoleDefinitionId;
+(function (RoleDefinitionId) {
+    RoleDefinitionId["APP_CONFIGURATION_DATA_READER"] = "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071";
+    RoleDefinitionId["APP_CONFIGURATION_DATA_OWNER"] = "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b";
+    RoleDefinitionId["EVENTGRID_DATA_SENDER"] = "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7";
+    RoleDefinitionId["KEY_VAULT_CERTIFICATE_USER"] = "/providers/Microsoft.Authorization/roleDefinitions/db79e9a7-68ee-4b58-9aeb-b90e7c24fcba";
+    RoleDefinitionId["KEY_VAULT_SECRETS_USER"] = "/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6";
+    RoleDefinitionId["STORAGE_BLOB_DATA_CONTRIBUTOR"] = "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe";
+    RoleDefinitionId["STORAGE_TABLE_DATA_CONTRIBUTOR"] = "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3";
+})(RoleDefinitionId || (RoleDefinitionId = {}));

package/dist/src/services/authorisation/index.d.ts

@@ -0,0 +1,3 @@
+export * from './constants.js';
+export * from './main.js';
+export * from './types.js';

package/dist/src/services/authorisation/index.js

@@ -0,0 +1,3 @@
+export * from './constants.js';
+export * from './main.js';
+export * from './types.js';

package/dist/src/services/authorisation/main.d.ts

@@ -0,0 +1,84 @@
+import { Input, ResourceOptions } from '@pulumi/pulumi';
+import { CommonAzureConstruct } from '../../common/index.js';
+import { RoleDefinitionId } from './constants.js';
+import { RoleAssignmentProps } from './types.js';
+/**
+ * @classdesc Provides operations on Azure Authorisation using Pulumi
+ * - A new instance of this class is injected into {@link CommonAzureConstruct} constructor.
+ * - If a custom construct extends {@link CommonAzureConstruct}, an instance is available within the context.
+ * @example
+ * ```typescript
+ * import { CommonAzureConstruct, CommonAzureStackProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonAzureConstruct {
+ *   constructor(name: string, props: CommonAzureStackProps) {
+ *     super(name, props)
+ *     this.props = props
+ *     this.authorisationManager.createRoleAssignment('MyRoleAssignment', this, props)
+ *   }
+ * }
+ * ```
+ */
+export declare class AzureAuthorisationManager {
+    /**
+     * @summary Method to create a new role assignment
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props Role assignment properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native Role Assignment]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/authorization/roleassignment/}
+     */
+    createRoleAssignment(id: string, scope: CommonAzureConstruct, props: RoleAssignmentProps, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/authorization/roleAssignment.js").RoleAssignment;
+    /**
+     * @summary Method to grant a role assignment to key vault
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param vaultName the key vault name
+     * @param resourceGroupName the resource group name
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToKeyVault(id: string, scope: CommonAzureConstruct, vaultName: string, resourceGroupName: string, principalId: Input<string>, roleDefinitionId: RoleDefinitionId, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/authorization/roleAssignment.js").RoleAssignment;
+    /**
+     * @summary Method to grant a role assignment to event grid topic
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param topicName the topic name
+     * @param resourceGroupName the resource group name
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToEventgridTopic(id: string, scope: CommonAzureConstruct, topicName: string, resourceGroupName: string, principalId: Input<string>, roleDefinitionId: RoleDefinitionId, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/authorization/roleAssignment.js").RoleAssignment;
+    /**
+     * @summary Method to grant a role assignment to application configuration
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param appConfigId the application configuration id
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToApplicationConfiguration(id: string, scope: CommonAzureConstruct, appConfigId: Input<string>, principalId: Input<string>, roleDefinitionId: RoleDefinitionId, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/authorization/roleAssignment.js").RoleAssignment;
+    /**
+     * @summary Method to grant a role assignment to storage account
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param accountId the storage account id
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToStorageAccount(id: string, scope: CommonAzureConstruct, accountId: Input<string>, principalId: Input<string>, roleDefinitionId: RoleDefinitionId, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/authorization/roleAssignment.js").RoleAssignment;
+    /**
+     * @summary Method to grant a role assignment to storage table
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param tableId the storage table id
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToStorageTable(id: string, scope: CommonAzureConstruct, tableId: Input<string>, principalId: Input<string>, roleDefinitionId: RoleDefinitionId, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/authorization/roleAssignment.js").RoleAssignment;
+}

package/dist/src/services/authorisation/main.js

@@ -0,0 +1,120 @@
+import { RoleAssignment } from '@pulumi/azure-native/authorization/index.js';
+/**
+ * @classdesc Provides operations on Azure Authorisation using Pulumi
+ * - A new instance of this class is injected into {@link CommonAzureConstruct} constructor.
+ * - If a custom construct extends {@link CommonAzureConstruct}, an instance is available within the context.
+ * @example
+ * ```typescript
+ * import { CommonAzureConstruct, CommonAzureStackProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonAzureConstruct {
+ *   constructor(name: string, props: CommonAzureStackProps) {
+ *     super(name, props)
+ *     this.props = props
+ *     this.authorisationManager.createRoleAssignment('MyRoleAssignment', this, props)
+ *   }
+ * }
+ * ```
+ */
+export class AzureAuthorisationManager {
+    /**
+     * @summary Method to create a new role assignment
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props Role assignment properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native Role Assignment]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/authorization/roleassignment/}
+     */
+    createRoleAssignment(id, scope, props, resourceOptions) {
+        if (!props)
+            throw `Props undefined for ${id}`;
+        return new RoleAssignment(`${id}`, props, { parent: scope, ...resourceOptions });
+    }
+    /**
+     * @summary Method to grant a role assignment to key vault
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param vaultName the key vault name
+     * @param resourceGroupName the resource group name
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToKeyVault(id, scope, vaultName, resourceGroupName, principalId, roleDefinitionId, resourceOptions) {
+        const keyVault = scope.keyVaultManager.resolveKeyVault(scope, vaultName, resourceGroupName, resourceOptions);
+        return this.createRoleAssignment(`${id}-kv-role-${vaultName}`, scope, {
+            principalId,
+            roleDefinitionId,
+            scope: keyVault.id,
+        }, resourceOptions);
+    }
+    /**
+     * @summary Method to grant a role assignment to event grid topic
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param topicName the topic name
+     * @param resourceGroupName the resource group name
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToEventgridTopic(id, scope, topicName, resourceGroupName, principalId, roleDefinitionId, resourceOptions) {
+        const topic = scope.eventgridManager.resolveEventgridTopic(`${id}-egt-role-${topicName}`, scope, {
+            topicName,
+            resourceGroupName,
+        }, resourceOptions);
+        return this.createRoleAssignment(`${id}-egt-role-${topicName}`, scope, {
+            principalId,
+            roleDefinitionId,
+            scope: topic.id,
+        }, resourceOptions);
+    }
+    /**
+     * @summary Method to grant a role assignment to application configuration
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param appConfigId the application configuration id
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToApplicationConfiguration(id, scope, appConfigId, principalId, roleDefinitionId, resourceOptions) {
+        return this.createRoleAssignment(`${id}-ac-role`, scope, {
+            principalId,
+            roleDefinitionId,
+            scope: appConfigId,
+        }, resourceOptions);
+    }
+    /**
+     * @summary Method to grant a role assignment to storage account
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param accountId the storage account id
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToStorageAccount(id, scope, accountId, principalId, roleDefinitionId, resourceOptions) {
+        return this.createRoleAssignment(`${id}-sa-role`, scope, {
+            principalId,
+            roleDefinitionId,
+            scope: accountId,
+        }, resourceOptions);
+    }
+    /**
+     * @summary Method to grant a role assignment to storage table
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param tableId the storage table id
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantRoleAssignmentToStorageTable(id, scope, tableId, principalId, roleDefinitionId, resourceOptions) {
+        return this.createRoleAssignment(`${id}-st-role`, scope, {
+            principalId,
+            roleDefinitionId,
+            scope: tableId,
+        }, resourceOptions);
+    }
+}

package/dist/src/services/authorisation/types.d.ts

@@ -0,0 +1,3 @@
+import { RoleAssignmentArgs } from '@pulumi/azure-native/authorization/index.js';
+export interface RoleAssignmentProps extends RoleAssignmentArgs {
+}

package/dist/src/services/authorisation/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/services/cosmosdb/constants.d.ts

@@ -0,0 +1,8 @@
+export declare enum CosmosRoleDefinition {
+    CONTRIBUTOR = "CONTRIBUTOR",
+    READER = "READER"
+}
+export declare enum CosmosRoleDefinitionId {
+    CONTRIBUTOR = "00000000-0000-0000-0000-000000000001",
+    READER = "00000000-0000-0000-0000-000000000002"
+}

package/dist/src/services/cosmosdb/constants.js

@@ -0,0 +1,10 @@
+export var CosmosRoleDefinition;
+(function (CosmosRoleDefinition) {
+    CosmosRoleDefinition["CONTRIBUTOR"] = "CONTRIBUTOR";
+    CosmosRoleDefinition["READER"] = "READER";
+})(CosmosRoleDefinition || (CosmosRoleDefinition = {}));
+export var CosmosRoleDefinitionId;
+(function (CosmosRoleDefinitionId) {
+    CosmosRoleDefinitionId["CONTRIBUTOR"] = "00000000-0000-0000-0000-000000000001";
+    CosmosRoleDefinitionId["READER"] = "00000000-0000-0000-0000-000000000002";
+})(CosmosRoleDefinitionId || (CosmosRoleDefinitionId = {}));

package/dist/src/services/cosmosdb/index.d.ts

@@ -0,0 +1,3 @@
+export * from './constants.js';
+export * from './main.js';
+export * from './types.js';

package/dist/src/services/cosmosdb/index.js

@@ -0,0 +1,3 @@
+export * from './constants.js';
+export * from './main.js';
+export * from './types.js';

package/dist/src/services/cosmosdb/main.d.ts

@@ -0,0 +1,87 @@
+import { Input, ResourceOptions } from '@pulumi/pulumi';
+import { CommonAzureConstruct } from '../../common/index.js';
+import { CosmosRoleDefinition } from './constants.js';
+import { CosmosdbAccountProps, CosmosdbSqlContainerProps, CosmosdbSqlDatabaseProps, SqlResourceSqlRoleAssignmentProps } from './types.js';
+/**
+ * @classdesc Provides operations on Azure CosmosDB using Pulumi
+ * - A new instance of this class is injected into {@link CommonAzureConstruct} constructor.
+ * - If a custom construct extends {@link CommonAzureConstruct}, an instance is available within the context.
+ * @example
+ * ```typescript
+ * import { CommonAzureConstruct, CommonAzureStackProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonAzureConstruct {
+ *   constructor(name: string, props: CommonAzureStackProps) {
+ *     super(name, props)
+ *     this.props = props
+ *     this.CosmosDbManager.createCosmosDbAccount('MyCosmosDb', this, props)
+ *   }
+ * }
+ * ```
+ */
+export declare class AzureCosmosDbManager {
+    /**
+     * @summary Method to create a new cosmosdb account
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props cosmosdb account properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB Database Account]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/databaseaccount/}
+     */
+    createCosmosDbAccount(id: string, scope: CommonAzureConstruct, props: CosmosdbAccountProps, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/cosmosdb/databaseAccount.js").DatabaseAccount;
+    /**
+     * @summary Method to create a new cosmosdb database
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props cosmosdb database properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB SQL Database]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/sqlresourcesqldatabase/}
+     */
+    createCosmosDbDatabase(id: string, scope: CommonAzureConstruct, props: CosmosdbSqlDatabaseProps, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/cosmosdb/sqlResourceSqlDatabase.js").SqlResourceSqlDatabase;
+    /**
+     * @summary Method to create a new cosmosdb container
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props cosmosdb container properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB SQL Container]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/sqlresourcesqlcontainer/}
+     */
+    createCosmosDbContainer(id: string, scope: CommonAzureConstruct, props: CosmosdbSqlContainerProps, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/cosmosdb/sqlResourceSqlContainer.js").SqlResourceSqlContainer;
+    /**
+     * @summary Method to create a sql role assignment
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props sql role assignment properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB SQL Role Assignment]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/sqlresourcesqlroleassignment/}
+     */
+    createSqlResourceSqlRoleAssignment(id: string, scope: CommonAzureConstruct, props: SqlResourceSqlRoleAssignmentProps, resourceOptions?: ResourceOptions): import("@pulumi/azure-native/cosmosdb/sqlResourceSqlRoleAssignment.js").SqlResourceSqlRoleAssignment;
+    /**
+     * @summary Method to resolve an existing cosmosdb account
+     * @param scope scope in which this resource is defined
+     * @param accountName the account name
+     * @param resourceGroupName the resource group name
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    resolveCosmosDbAccount(scope: CommonAzureConstruct, accountName: string, resourceGroupName: string, resourceOptions?: ResourceOptions): import("@pulumi/pulumi").Output<import("@pulumi/azure-native/cosmosdb/getDatabaseAccount.js").GetDatabaseAccountResult>;
+    /**
+     * @summary Method to resolve an existing sql role definition
+     * @param scope scope in which this resource is defined
+     * @param accountName the account name
+     * @param resourceGroupName the resource group name
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    resolveSqlRoleDefinition(scope: CommonAzureConstruct, accountName: Input<string>, resourceGroupName: string, roleDefinitionId: string, resourceOptions?: ResourceOptions): import("@pulumi/pulumi").Output<import("@pulumi/azure-native/cosmosdb/getSqlResourceSqlRoleDefinition.js").GetSqlResourceSqlRoleDefinitionResult>;
+    /**
+     * @summary Method to assign a sql role assignment
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param accountName the account name
+     * @param resourceGroupName the resource group name
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitions list of role definitions to
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantSqlRoleDefinitionToAccount(id: string, scope: CommonAzureConstruct, accountName: string, resourceGroupName: string, principalId: Input<string>, roleDefinitions: CosmosRoleDefinition[], resourceOptions?: ResourceOptions): void;
+}

package/dist/src/services/cosmosdb/main.js

@@ -0,0 +1,162 @@
+import { DatabaseAccount, getDatabaseAccountOutput, getSqlResourceSqlRoleDefinitionOutput, ResourceIdentityType, SqlResourceSqlContainer, SqlResourceSqlDatabase, SqlResourceSqlRoleAssignment, } from '@pulumi/azure-native/cosmosdb/index.js';
+import { CosmosRoleDefinition, CosmosRoleDefinitionId } from './constants.js';
+/**
+ * @classdesc Provides operations on Azure CosmosDB using Pulumi
+ * - A new instance of this class is injected into {@link CommonAzureConstruct} constructor.
+ * - If a custom construct extends {@link CommonAzureConstruct}, an instance is available within the context.
+ * @example
+ * ```typescript
+ * import { CommonAzureConstruct, CommonAzureStackProps } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonAzureConstruct {
+ *   constructor(name: string, props: CommonAzureStackProps) {
+ *     super(name, props)
+ *     this.props = props
+ *     this.CosmosDbManager.createCosmosDbAccount('MyCosmosDb', this, props)
+ *   }
+ * }
+ * ```
+ */
+export class AzureCosmosDbManager {
+    /**
+     * @summary Method to create a new cosmosdb account
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props cosmosdb account properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB Database Account]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/databaseaccount/}
+     */
+    createCosmosDbAccount(id, scope, props, resourceOptions) {
+        if (!props)
+            throw `Props undefined for ${id}`;
+        // Get resource group name
+        const resourceGroupName = scope.props.resourceGroupName
+            ? scope.resourceNameFormatter.format(scope.props.resourceGroupName)
+            : props.resourceGroupName;
+        if (!resourceGroupName)
+            throw `Resource group name undefined for ${id}`;
+        return new DatabaseAccount(`${id}-ca`, {
+            ...props,
+            accountName: scope.resourceNameFormatter.format(props.accountName?.toString(), scope.props.resourceNameOptions?.cosmosDbAccount),
+            location: props.location ?? scope.props.location,
+            resourceGroupName: resourceGroupName,
+            tags: props.tags ?? {
+                environment: scope.props.stage,
+            },
+            identity: props.identity ?? {
+                type: ResourceIdentityType.SystemAssigned,
+            },
+        }, { parent: scope, ...resourceOptions });
+    }
+    /**
+     * @summary Method to create a new cosmosdb database
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props cosmosdb database properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB SQL Database]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/sqlresourcesqldatabase/}
+     */
+    createCosmosDbDatabase(id, scope, props, resourceOptions) {
+        if (!props)
+            throw `Props undefined for ${id}`;
+        // Get resource group name
+        const resourceGroupName = scope.props.resourceGroupName
+            ? scope.resourceNameFormatter.format(scope.props.resourceGroupName)
+            : props.resourceGroupName;
+        if (!resourceGroupName)
+            throw `Resource group name undefined for ${id}`;
+        return new SqlResourceSqlDatabase(`${id}-cd`, {
+            ...props,
+            databaseName: scope.resourceNameFormatter.format(props.databaseName?.toString(), scope.props.resourceNameOptions?.cosmosDbSqlDatabase),
+            resourceGroupName: resourceGroupName,
+        }, { parent: scope, ...resourceOptions });
+    }
+    /**
+     * @summary Method to create a new cosmosdb container
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props cosmosdb container properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB SQL Container]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/sqlresourcesqlcontainer/}
+     */
+    createCosmosDbContainer(id, scope, props, resourceOptions) {
+        if (!props)
+            throw `Props undefined for ${id}`;
+        // Get resource group name
+        const resourceGroupName = scope.props.resourceGroupName
+            ? `${scope.props.resourceGroupName}-${scope.props.stage}`
+            : props.resourceGroupName;
+        if (!resourceGroupName)
+            throw `Resource group name undefined for ${id}`;
+        return new SqlResourceSqlContainer(`${id}-cc`, {
+            ...props,
+            containerName: scope.resourceNameFormatter.format(props.containerName?.toString(), scope.props.resourceNameOptions?.cosmosDbSqlContainer),
+            resourceGroupName: resourceGroupName,
+        }, { parent: scope, ...resourceOptions });
+    }
+    /**
+     * @summary Method to create a sql role assignment
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props sql role assignment properties
+     * @param resourceOptions Optional settings to control resource behaviour
+     * @see [Pulumi Azure Native CosmosDB SQL Role Assignment]{@link https://www.pulumi.com/registry/packages/azure-native/api-docs/documentdb/sqlresourcesqlroleassignment/}
+     */
+    createSqlResourceSqlRoleAssignment(id, scope, props, resourceOptions) {
+        return new SqlResourceSqlRoleAssignment(`${id}`, props, { parent: scope, ...resourceOptions });
+    }
+    /**
+     * @summary Method to resolve an existing cosmosdb account
+     * @param scope scope in which this resource is defined
+     * @param accountName the account name
+     * @param resourceGroupName the resource group name
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    resolveCosmosDbAccount(scope, accountName, resourceGroupName, resourceOptions) {
+        return getDatabaseAccountOutput({ accountName, resourceGroupName }, { parent: scope, ...resourceOptions });
+    }
+    /**
+     * @summary Method to resolve an existing sql role definition
+     * @param scope scope in which this resource is defined
+     * @param accountName the account name
+     * @param resourceGroupName the resource group name
+     * @param roleDefinitionId the role definition id
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    resolveSqlRoleDefinition(scope, accountName, resourceGroupName, roleDefinitionId, resourceOptions) {
+        return getSqlResourceSqlRoleDefinitionOutput({ accountName, resourceGroupName, roleDefinitionId }, { parent: scope, ...resourceOptions });
+    }
+    /**
+     * @summary Method to assign a sql role assignment
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param accountName the account name
+     * @param resourceGroupName the resource group name
+     * @param principalId the principal id to which the role is assigned to
+     * @param roleDefinitions list of role definitions to
+     * @param resourceOptions Optional settings to control resource behaviour
+     */
+    grantSqlRoleDefinitionToAccount(id, scope, accountName, resourceGroupName, principalId, roleDefinitions, resourceOptions) {
+        const cosmosDbAccount = this.resolveCosmosDbAccount(scope, accountName, resourceGroupName, resourceOptions);
+        if (roleDefinitions.includes(CosmosRoleDefinition.CONTRIBUTOR)) {
+            const cosmosdbSqlRoleDefinitionContributor = this.resolveSqlRoleDefinition(scope, cosmosDbAccount.name, resourceGroupName, CosmosRoleDefinitionId.CONTRIBUTOR, resourceOptions);
+            this.createSqlResourceSqlRoleAssignment(`${id}-cdb-ra-contributor`, scope, {
+                accountName: cosmosDbAccount.name,
+                resourceGroupName: resourceGroupName,
+                roleDefinitionId: cosmosdbSqlRoleDefinitionContributor.id,
+                principalId,
+                scope: cosmosDbAccount.id,
+            }, resourceOptions);
+        }
+        if (roleDefinitions.includes(CosmosRoleDefinition.READER)) {
+            const cosmosdbSqlRoleDefinitionReader = this.resolveSqlRoleDefinition(scope, cosmosDbAccount.name, resourceGroupName, CosmosRoleDefinitionId.READER, resourceOptions);
+            this.createSqlResourceSqlRoleAssignment(`${id}-cdb-ra-reader`, scope, {
+                accountName: cosmosDbAccount.name,
+                resourceGroupName: resourceGroupName,
+                roleDefinitionId: cosmosdbSqlRoleDefinitionReader.id,
+                principalId,
+                scope: cosmosDbAccount.id,
+            }, resourceOptions);
+        }
+    }
+}

package/dist/src/services/cosmosdb/types.d.ts

@@ -0,0 +1,9 @@
+import { DatabaseAccountArgs, SqlResourceSqlContainerArgs, SqlResourceSqlDatabaseArgs, SqlResourceSqlRoleAssignmentArgs } from '@pulumi/azure-native/cosmosdb/index.js';
+export interface CosmosdbAccountProps extends DatabaseAccountArgs {
+}
+export interface CosmosdbSqlDatabaseProps extends SqlResourceSqlDatabaseArgs {
+}
+export interface CosmosdbSqlContainerProps extends SqlResourceSqlContainerArgs {
+}
+export interface SqlResourceSqlRoleAssignmentProps extends SqlResourceSqlRoleAssignmentArgs {
+}

package/dist/src/services/cosmosdb/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/services/dns/index.d.ts

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/services/dns/index.js

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';