Merge pull request #42 from baoduy/develop

Develop
baoduy · Jul 9, 2024 · 0e1ee0c · 0e1ee0c
2 parents e570590 + 1e51a6d
commit 0e1ee0c
Show file tree

Hide file tree

Showing 47 changed files with 1,112 additions and 1,086 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -43,35 +43,35 @@
     "@types/chai": "^4.3.16",
     "@types/mocha": "^10.0.7",
     "@types/netmask": "^2.0.5",
-    "@types/node": "^20.14.9",
+    "@types/node": "^20.14.10",
     "@types/node-forge": "^1.3.11",
-    "@typescript-eslint/eslint-plugin": "^7.14.1",
-    "@typescript-eslint/parser": "^7.14.1",
+    "@typescript-eslint/eslint-plugin": "^7.15.0",
+    "@typescript-eslint/parser": "^7.15.0",
     "chai": "^5.1.1",
     "cpy-cli": "^5.0.0",
     "cross-env": "^7.0.3",
-    "eslint": "^9.5.0",
+    "eslint": "^9.6.0",
     "eslint-plugin-deprecation": "^3.0.0",
     "husky": "^9.0.11",
     "lint-staged": "^15.2.7",
     "mocha": "^9.2.2",
     "nyc": "^17.0.0",
     "replace-in-file": "7.2.0",
     "ts-node": "^10.9.2",
-    "typescript": "^5.5.2"
+    "typescript": "^5.5.3"
   },
   "dependencies": {
     "@drunk-pulumi/azure-providers": "^0.0.24",
-    "@pulumi/azure-native": "^2.47.1",
-    "@pulumi/azuread": "5.52.0",
-    "@pulumi/pulumi": "^3.121.0",
-    "@pulumi/random": "^4.16.2",
-    "@pulumi/tls": "^5.0.3",
+    "@pulumi/azure-native": "^2.48.0",
+    "@pulumi/azuread": "5.53.1",
+    "@pulumi/pulumi": "^3.122.0",
+    "@pulumi/random": "^4.16.3",
+    "@pulumi/tls": "^5.0.4",
     "axios": "^1.7.2",
     "netmask": "^2.0.2",
     "node-forge": "^1.3.1",
     "to-words": "^4.0.1",
-    "xml-formatter": "^3.6.2"
+    "xml-formatter": "^3.6.3"
   },
   "husky": {
     "hooks": {

diff --git a/src/Aks/Helper.ts b/src/Aks/Helper.ts
@@ -1,9 +1,9 @@
-import * as containerservice from "@pulumi/azure-native/containerservice";
-import { getAksName, getResourceGroupName } from "../Common/Naming";
-import { KeyVaultInfo, ResourceInfo, ResourceType } from "../types";
-import { getSecret } from "../KeyVault/Helper";
-import { interpolate, Output } from "@pulumi/pulumi";
-import { currentRegionName, subscriptionId } from "../Common/AzureEnv";
+import * as containerservice from '@pulumi/azure-native/containerservice';
+import { getAksName, getResourceGroupName } from '../Common/Naming';
+import { KeyVaultInfo, ResourceInfo, ResourceType } from '../types';
+import { getSecret } from '../KeyVault/Helper';
+import { interpolate, Output } from '@pulumi/pulumi';
+import { currentRegionName, subscriptionId } from '../Common/AzureEnv';
 
 /** Get AKS Config from Managed Cluster*/
 export const getAksConfig = async ({
@@ -30,7 +30,7 @@ export const getAksConfig = async ({
         resourceGroupName: group,
       });
 
-  return Buffer.from(aks.kubeconfigs[0].value, "base64").toString("utf8");
+  return Buffer.from(aks.kubeconfigs[0].value, 'base64').toString('utf8');
 };
 
 /** Get AKS Config from Key Vault*/
@@ -52,7 +52,7 @@ export const getAksVaultConfig = async ({
     vaultInfo,
     nameFormatted: false,
   });
-  return rs?.value || "";
+  return rs?.value || '';
 };
 
 export const getAksPrivateDnz = ({
@@ -70,11 +70,11 @@ export const getAksPrivateDnz = ({
 
   return aks.apply((a) => {
     if (!a.privateFQDN) return undefined;
-    const dnsName = a.privateFQDN.split(":").slice(1).join(".");
+    const dnsName = a.privateFQDN.split(':').slice(1).join('.');
     const rsGroup = a.nodeResourceGroup!;
 
     return {
-      resourceName: dnsName,
+      name: dnsName,
       group: { resourceGroupName: rsGroup, location: currentRegionName },
       id: interpolate`/subscriptions/${subscriptionId}/resourceGroups/${rsGroup}/providers/Microsoft.Network/privateDnsZones/${dnsName}`,
     } as ResourceInfo;

diff --git a/src/Aks/Identity.ts b/src/Aks/Identity.ts
@@ -1,22 +1,22 @@
-import { getGraphPermissions } from "../AzAd/GraphDefinition";
-import identityCreator from "../AzAd/Identity";
-import { BasicArgs, KeyVaultInfo } from "../types";
-import { roleAssignment } from "../AzAd/RoleAssignment";
-import { defaultScope } from "../Common/AzureEnv";
+import { getGraphPermissions } from '../AzAd/GraphDefinition';
+import identityCreator from '../AzAd/Identity';
+import { BasicArgs, KeyVaultInfo } from '../types';
+import { roleAssignment } from '../AzAd/RoleAssignment';
+import { defaultScope } from '../Common/AzureEnv';
 
 interface Props extends BasicArgs {
   name: string;
-  vaultInfo: KeyVaultInfo;
+  vaultInfo?: KeyVaultInfo;
 }
 
 //** The AzAD app Identity for Azure Kubernetes for RBAC */
 export default ({ name, vaultInfo, dependsOn }: Props) => {
   //AKS need this permission for AAD integration
   const graphAccess = getGraphPermissions(
-    { name: "User.Read", type: "Scope" },
-    { name: "Group.Read.All", type: "Scope" },
+    { name: 'User.Read', type: 'Scope' },
+    { name: 'Group.Read.All', type: 'Scope' },
     //{ name: 'Directory.Read.All', type: 'Scope' },
-    { name: "Directory.Read.All", type: "Role" },
+    { name: 'Directory.Read.All', type: 'Role' },
   );
 
   const serverIdentity = identityCreator({
@@ -25,16 +25,16 @@ export default ({ name, vaultInfo, dependsOn }: Props) => {
     createPrincipal: true,
     requiredResourceAccesses: [graphAccess],
     publicClient: false,
-    appType: "api",
+    appType: 'api',
     vaultInfo,
     dependsOn,
   });
 
   roleAssignment({
     name: `${name}-aks-identity-acr-pull`,
     principalId: serverIdentity.principalId!,
-    principalType: "ServicePrincipal",
-    roleName: "AcrPull",
+    principalType: 'ServicePrincipal',
+    roleName: 'AcrPull',
     scope: defaultScope,
     dependsOn: serverIdentity.resource,
   });

diff --git a/src/Aks/VmSetMonitor/index.ts b/src/Aks/VmSetMonitor/index.ts
@@ -2,7 +2,7 @@ import * as native from '@pulumi/azure-native';
 import { findVMScaleSet } from '../../Core/Helper';
 import * as fs from 'fs';
 import { BasicMonitorArgs, KeyVaultInfo, ResourceGroupInfo } from '../../types';
-import { Input, all, Resource } from '@pulumi/pulumi';
+import { all, Input, Resource } from '@pulumi/pulumi';
 import { replaceAll } from '../../Common/Helpers';
 import { getLogWpSecretsById } from '../../Logs/Helpers';
 import { getAccountSAS, getStorageSecretsById } from '../../Storage/Helper';
@@ -46,7 +46,7 @@ export default ({
       settings = replaceAll(
         settings,
         '__DIAGNOSTIC_STORAGE_ACCOUNT__',
-        logStorage.info!.name
+        logStorage.info!.name,
       );
       settings = replaceAll(settings, '__VM_OR_VMSS_RESOURCE_ID__', vm.id);
 
@@ -66,13 +66,13 @@ export default ({
           protectedSettings: `{
           "storageAccountName": "${logStorage.info!.name}",
           "storageAccountSasToken": "${logSAS.accountSasToken.substring(
-            logSAS.accountSasToken.indexOf('?') + 1
+            logSAS.accountSasToken.indexOf('?') + 1,
           )}"
         }`,
           settings,
         },
         //Ignore changes on this field as API never returns it back
-        { ignoreChanges: ['protectedSettings'], dependsOn }
+        { ignoreChanges: ['protectedSettings'], dependsOn },
       );
 
       const oms = new native.compute.VirtualMachineScaleSetExtension(
@@ -94,7 +94,7 @@ export default ({
           settings: `{"workspaceId": "${logWp.info!.id}"}`,
         },
         //Ignore changes on this field as API never returns it back
-        { ignoreChanges: ['protectedSettings'], dependsOn }
+        { ignoreChanges: ['protectedSettings'], dependsOn },
       );
 
       return { diag, oms };

diff --git a/src/Aks/index.ts b/src/Aks/index.ts
@@ -8,8 +8,8 @@ import {
   defaultScope,
   Environments,
   getResourceIdFromInfo,
-  parseResourceInfoFromId,
   isPrd,
+  parseResourceInfoFromId,
   tenantId,
 } from '../Common/AzureEnv';
 import Locker from '../Core/Locker';
@@ -130,7 +130,7 @@ export type AskFeatureProps = {
 };
 
 export type AksAccessProps = {
-  envRoles: EnvRolesResults;
+  envRoles?: EnvRolesResults;
   authorizedIPRanges?: Input<string>[];
   disableLocalAccounts?: boolean;
 };
@@ -168,7 +168,7 @@ export interface AksProps extends BasicResourceArgs {
   //kubernetesVersion?: Input<string>;
   nodePools?: Array<AksNodePoolProps>;
 
-  vaultInfo: KeyVaultInfo;
+  vaultInfo?: KeyVaultInfo;
   logWpId?: Input<string>;
   /**Lock resource from delete*/
   lock?: boolean;
@@ -178,7 +178,7 @@ export type AksResults = ResourceInfo & {
   serviceIdentity: IdentityResult;
   aks: ManagedCluster;
   disableLocalAccounts?: boolean;
-  getKubeConfig: () => Output<string>;
+  getKubeConfig: () => Output<string> | undefined;
 };
 
 //Using this to enable the preview feature https://azurecloudai.blog/2019/10/16/aks-enabling-and-using-preview-features-such-as-nodepools-using-cli/
@@ -211,7 +211,7 @@ export default async ({
   const nodeResourceGroup = getResourceGroupName(`${aksName}-nodes`);
 
   //Auto detect and disable Local Account
-  if (aksAccess.disableLocalAccounts === undefined) {
+  if (aksAccess.disableLocalAccounts === undefined && vaultInfo) {
     aksAccess.disableLocalAccounts = await getKeyVaultBase(vaultInfo.name)
       .checkSecretExist(secretName)
       .catch(() => false);
@@ -401,12 +401,14 @@ export default async ({
       },
       disableLocalAccounts: Boolean(aksAccess.disableLocalAccounts),
       enableRBAC: true,
-      aadProfile: {
-        enableAzureRBAC: true,
-        managed: true,
-        adminGroupObjectIDs: [aksAccess.envRoles.admin.objectId],
-        tenantID: tenantId,
-      },
+      aadProfile: aksAccess.envRoles
+        ? {
+            enableAzureRBAC: true,
+            managed: true,
+            adminGroupObjectIDs: [aksAccess.envRoles.admin.objectId],
+            tenantID: tenantId,
+          }
+        : undefined,
       oidcIssuerProfile: { enabled: false },
       storageProfile: {
         blobCSIDriver: {
@@ -529,13 +531,15 @@ export default async ({
             scope: acrScope,
           });
 
-          addCustomSecret({
-            name: `${name}-identity-clientId`,
-            value: identityProfile['kubeletidentity'].clientId!,
-            dependsOn: aks,
-            contentType: name,
-            vaultInfo,
-          });
+          if (vaultInfo) {
+            addCustomSecret({
+              name: `${name}-identity-clientId`,
+              value: identityProfile['kubeletidentity'].clientId!,
+              dependsOn: aks,
+              contentType: name,
+              vaultInfo,
+            });
+          }
         }
 
         if (network.subnetId && identity) {
@@ -559,16 +563,18 @@ export default async ({
       disableLocalAccounts: aksAccess.disableLocalAccounts,
     });
 
-    addCustomSecret({
-      name: secretName,
-      value: config,
-      formattedName: true,
-      dependsOn: aks,
-      contentType: aksAccess.disableLocalAccounts
-        ? `${name}-UserCredentials`
-        : `${name}-AdminCredentials`,
-      vaultInfo,
-    });
+    if (vaultInfo) {
+      addCustomSecret({
+        name: secretName,
+        value: config,
+        formattedName: true,
+        dependsOn: aks,
+        contentType: aksAccess.disableLocalAccounts
+          ? `${name}-UserCredentials`
+          : `${name}-AdminCredentials`,
+        vaultInfo,
+      });
+    }
 
     //Diagnostic
     if (features.enableDiagnosticSetting && logWpId) {
@@ -587,27 +593,31 @@ export default async ({
         dependsOn: aks,
       });
 
-      //Apply monitoring for VMScale Sets
-      vmsDiagnostic({
-        group: { resourceGroupName: nodeResourceGroup },
-        logWpId,
-        vaultInfo,
-        dependsOn: aks,
-      });
+      if (vaultInfo) {
+        //Apply monitoring for VMScale Sets
+        vmsDiagnostic({
+          group: { resourceGroupName: nodeResourceGroup },
+          logWpId,
+          vaultInfo,
+          dependsOn: aks,
+        });
+      }
     }
   });
 
   return {
-    resourceName: name,
+    name,
     group,
     id: aks.id,
     aks,
     serviceIdentity,
-    getKubeConfig: (): Output<string> =>
-      output(
-        getKeyVaultBase(vaultInfo.name)
-          .getSecret(secretName)
-          .then((s) => s!.value!),
-      ),
+    getKubeConfig: (): Output<string> | undefined =>
+      vaultInfo
+        ? output(
+            getKeyVaultBase(vaultInfo.name)
+              .getSecret(secretName)
+              .then((s) => s!.value!),
+          )
+        : undefined,
   };
 };
diff --git a/src/Apim/Helpers.ts b/src/Apim/Helpers.ts
@@ -1,15 +1,15 @@
-import { ResourceInfo } from "../types";
-import { getApimName, getResourceGroupName } from "../Common/Naming";
-import { interpolate } from "@pulumi/pulumi";
-import { currentRegionName, subscriptionId } from "../Common/AzureEnv";
+import { ResourceInfo } from '../types';
+import { getApimName, getResourceGroupName } from '../Common/Naming';
+import { interpolate } from '@pulumi/pulumi';
+import { currentRegionName, subscriptionId } from '../Common/AzureEnv';
 
 export const getApimInfo = (nameAndGroup: string): ResourceInfo => {
   const name = getApimName(nameAndGroup);
   const rgName = getResourceGroupName(nameAndGroup);
   const id = interpolate`/subscriptions/${subscriptionId}/resourceGroups/${rgName}/providers/Microsoft.ApiManagement/service/${name}`;
 
   return {
-    resourceName: name,
+    name,
     group: { resourceGroupName: rgName, location: currentRegionName },
     id,
   };