Merge pull request #99 from baoduy/develop

Develop

package.json

@@ -52,15 +52,15 @@
     "nyc": "^17.1.0",
     "replace-in-file": "7.2.0",
     "ts-node": "^10.9.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "dependencies": {
     "@drunk-pulumi/azure-providers": "^1.0.7",
-    "@pulumi/azure-native": "^2.65.0",
-    "@pulumi/azuread": "5.53.5",
-    "@pulumi/pulumi": "^3.136.0",
+    "@pulumi/azure-native": "^2.66.0",
+    "@pulumi/azuread": "6.0.1",
+    "@pulumi/pulumi": "^3.136.1",
     "@pulumi/random": "^4.16.6",
-    "@pulumi/tls": "^5.0.7",
+    "@pulumi/tls": "^5.0.8",
     "netmask": "^2.0.2",
     "node-forge": "^1.3.1",
     "to-words": "^4.1.0"

src/Aks/index.ts

@@ -23,16 +23,17 @@ const autoScaleFor = ({
   enableAutoScaling,
   nodeType,
   env,
+  maxCount,
 }: {
   env: Environments;
   nodeType: 'Default' | 'System' | 'User';
   enableAutoScaling?: boolean;
+  maxCount?: number;
 }) => {
   const nodeCount = 1;
   const minCount = 1;
-  let maxCount = 3;
 
-  if (env === Environments.Prd) {
+  if (!maxCount) {
     switch (nodeType) {
       case 'User':
         maxCount = 5;
@@ -116,6 +117,7 @@ export type AskAddonProps = {
 export type AskFeatureProps = {
   enablePrivateCluster?: boolean;
   enableAutoScale?: boolean;
+  maxAutoScaleNodes?: number;
   enablePodIdentity?: boolean;
   enableWorkloadIdentity?: boolean;
   //enableDiagnosticSetting?: boolean;
@@ -131,7 +133,7 @@ export type AksAccessProps = {
 export type AksNetworkProps = {
   subnetId: pulumi.Input<string>;
   virtualHostSubnetName?: pulumi.Input<string>;
-  /** This is using for Private DNZ linking only*/
+  /** This uses for Private DNZ linking only*/
   extraVnetIds?: pulumi.Input<string>[];
   outboundIpAddress?: {
     ipAddressId?: pulumi.Input<string>;
@@ -185,7 +187,6 @@ export default async ({
   aksAccess,
 
   envRoles,
-  envUIDInfo,
   vaultInfo,
   diskEncryptionSetId,
 
@@ -210,7 +211,7 @@ export default async ({
   const secretName = `${aksName}-config`;
   const nodeResourceGroup = naming.getResourceGroupName(`${aksName}-nodes`);
 
-  //Auto detect and disable Local Account
+  //Auto-detect and disable Local Account
   if (aksAccess.disableLocalAccounts === undefined && vaultInfo) {
     aksAccess.disableLocalAccounts = await getKeyVaultBase(vaultInfo.name)
       .checkSecretExist(secretName)
@@ -308,6 +309,7 @@ export default async ({
             env: currentEnv,
             nodeType: 'System',
             enableAutoScaling: features?.enableAutoScale,
+            maxCount: features?.maxAutoScaleNodes,
           }),
 
           name: 'defaultnodes',
@@ -478,6 +480,7 @@ export default async ({
             env: currentEnv,
             nodeType: p.mode,
             enableAutoScaling: features.enableAutoScale,
+            maxCount: features?.maxAutoScaleNodes,
           }),
 
           //This already added into defaultNodePoolProps

src/Builder/ApimBuilder.ts

@@ -1,13 +1,19 @@
 import * as types from './types';
 import { EnvRoleKeyTypes, ResourceInfo } from '../types';
 import * as apim from '@pulumi/azure-native/apimanagement';
+import * as pulumi from '@pulumi/pulumi';
 import { getSecretOutput, addCustomSecret } from '../KeyVault';
-import { naming, organization, subscriptionId, tenantId } from '../Common';
+import {
+  naming,
+  organization,
+  readFileAsBase64,
+  subscriptionId,
+  tenantId,
+} from '../Common';
 import {
   ApimSignInSettingsResource,
   ApimSignUpSettingsResource,
 } from '@drunk-pulumi/azure-providers';
-import { randomUuId } from '../Core/Random';
 import * as network from '@pulumi/azure-native/network';
 import * as IpAddress from '../VNet/IpAddress';
 import Identity from '../AzAd/Identity';
@@ -22,7 +28,7 @@ class ApimBuilder
     types.IApimBuilder
 {
   private _publisher: types.ApimPublisherBuilderType | undefined = undefined;
-  private _proxyDomain: types.ApimDomainBuilderType | undefined = undefined;
+  private _proxyDomains: types.ApimDomainBuilderType[] = [];
   private _sku: types.ApimSkuBuilderType | undefined = undefined;
   private _additionalLocations: types.ApimAdditionalLocationType[] = [];
   private _zones: types.ApimZoneType | undefined = undefined;
@@ -91,7 +97,7 @@ class ApimBuilder
   public withProxyDomain(
     props: types.ApimDomainBuilderType,
   ): types.IApimBuilder {
-    this._proxyDomain = props;
+    this._proxyDomains.push(props);
     return this;
   }
   public withProxyDomainIf(
@@ -148,6 +154,16 @@ class ApimBuilder
       return { encodedCertificate: cert.apply((c) => c!.value!) };
     }
 
+    if ('certificatePath' in props) {
+      const cert = pulumi
+        .output(props.certificatePath)
+        .apply((p) => readFileAsBase64(p));
+      return {
+        encodedCertificate: cert,
+        certificatePassword: props.certificatePassword,
+      };
+    }
+
     return {
       encodedCertificate: props.certificate,
       certificatePassword: props.certificatePassword,
@@ -196,22 +212,18 @@ class ApimBuilder
         ],
 
         enableClientCertificate: true,
-        hostnameConfigurations: this._proxyDomain
-          ? [
-              {
-                ...this.getCert(this._proxyDomain),
-                type: 'Proxy',
-                hostName: this._proxyDomain.domain,
-                negotiateClientCertificate: false,
-                defaultSslBinding: false,
-              },
-            ]
-          : undefined,
+        hostnameConfigurations: this._proxyDomains.map((d) => ({
+          ...this.getCert(d),
+          type: 'Proxy',
+          hostName: d.domain,
+          negotiateClientCertificate: false,
+          defaultSslBinding: false,
+        })),
 
         //Restore APIM from Deleted
         restore: this._restoreFromDeleted,
 
-        //Only support when link to a virtual network
+        //Only support when linking to a virtual network
         publicIpAddressId: this._apimVnet
           ? this._ipAddressInstances[this.commonProps.name]?.id
           : undefined,
@@ -287,10 +299,10 @@ class ApimBuilder
       envRoles.addIdentity(this._envRoleType, this._apimInstance.identity);
     }
 
-    if (vaultInfo) {
+    if (vaultInfo && this._proxyDomains.length > 0) {
       addCustomSecret({
         name: `${this._instanceName}-host`,
-        value: this._proxyDomain?.domain ?? this._apimInstance.gatewayUrl,
+        value: this._proxyDomains[0].domain ?? this._apimInstance.gatewayUrl,
         contentType: `APIM ${this._instanceName}`,
         dependsOn: this._apimInstance,
         vaultInfo,
@@ -343,7 +355,7 @@ class ApimBuilder
   private buildDisableSigIn() {
     if (!this._disableSignIn) return;
 
-    //Turn off Sign up setting
+    //Turn off Sign upsetting
     new ApimSignUpSettingsResource(
       this._instanceName!,
       {

src/Builder/VnetBuilder.ts

@@ -176,6 +176,7 @@ class VnetBuilder
       ipAddresses: ipNames.map((n) => ({ name: n })),
       createPrefix: this._ipType === 'prefix',
       config: { version: 'IPv4', allocationMethod: 'Static' },
+      retainOnDelete: true,
     });
 
     //Collect All IpAddresses

src/Builder/types/apimBuilder.ts

@@ -9,6 +9,7 @@ import {
   VaultCertType,
   WithEnvRoles,
   WithLogInfo,
+  CertFile,
 } from '../../types';
 
 /**
@@ -41,7 +42,7 @@ export type ApimPublisherBuilderType = {
  * Type for configuring certificates for APIM.
  */
 
-export type ApimCertBuilderType = CertType | VaultCertType;
+export type ApimCertBuilderType = CertType | VaultCertType | CertFile;
 
 /**
  * Type for configuring domain and certificates for APIM.
@@ -73,13 +74,13 @@ export type ApimVnetType = {
    * The type of VPN in which API Management service needs to be configured in.
    * None (Default Value) means the API Management service is not part of any Virtual Network,
    * External means the API Management deployment is set up inside a Virtual Network having an Internet Facing Endpoint,
-   * and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.
+   * and Internal means that API Management deployment is set up inside a Virtual Network having an Intranet Facing Endpoint only.
    */
   type: 'External' | 'Internal';
 };
 
 /**
- * Type for configuring private link for APIM.
+ * Type for configuring a private link for APIM.
  */
 export type ApimPrivateLinkType = PrivateLinkPropsType & {
   disablePublicAccess?: boolean;
@@ -131,7 +132,7 @@ export interface IApimPublisherBuilder {
  */
 export interface IApimAuthBuilder {
   /**
-   * Configures Entra ID authentication for APIM.
+   * Configures EntraID authentication for APIM.
    * @returns The APIM builder instance.
    */
   withEntraID(): IApimBuilder;