diff --git a/package-lock.json b/package-lock.json index 30bff405..d895c788 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,10 +10,10 @@ "hasInstallScript": true, "license": "MIT", "dependencies": { - "@drunk-pulumi/azure-providers": "^0.0.18", + "@drunk-pulumi/azure-providers": "^0.0.21", "@pulumi/azure-native": "^2.46.0", "@pulumi/azuread": "5.52.0", - "@pulumi/pulumi": "^3.120.0", + "@pulumi/pulumi": "^3.121.0", "@pulumi/random": "^4.16.2", "@pulumi/tls": "^5.0.3", "axios": "^1.7.2", @@ -796,9 +796,9 @@ } }, "node_modules/@drunk-pulumi/azure-providers": { - "version": "0.0.18", - "resolved": "https://registry.npmjs.org/@drunk-pulumi/azure-providers/-/azure-providers-0.0.18.tgz", - "integrity": "sha512-IpPCi7doX0D0Jbauzl3n1ozvXXSIbGSL5AdWgvo1z5q94H/KKOTaSYvTYCCpIcgxMXeZJnzvBJzEjJjlwGLHvw==", + "version": "0.0.21", + "resolved": "https://registry.npmjs.org/@drunk-pulumi/azure-providers/-/azure-providers-0.0.21.tgz", + "integrity": "sha512-RoSJdLponyld+p8KediV6FflRvhY6QQTHyshWsd90z5vxQSVVPIGoOgLCdrHkWI4RW27J90TNC+1DHf6G3Zp2A==", "license": "MIT", "dependencies": { "@azure/arm-keyvault": "^3.1.0", @@ -1985,9 +1985,9 @@ } }, "node_modules/@pulumi/pulumi": { - "version": "3.120.0", - "resolved": "https://registry.npmjs.org/@pulumi/pulumi/-/pulumi-3.120.0.tgz", - "integrity": "sha512-MknkC5W+QPiFbn8HjhuHjONxh3RyH2RvS7S4sxgSp3vv9TofJ19KiSfIovRGKovy1Ri8T6T7b1d3xH6AHXuX2Q==", + "version": "3.121.0", + "resolved": "https://registry.npmjs.org/@pulumi/pulumi/-/pulumi-3.121.0.tgz", + "integrity": "sha512-fv9sY1e7nPeGpvlHIMZcErHeZAsbdqOi0Jcb1oxi0NvTU3jy1EZa70q+JdE0dmqYlr43HaSL8SU5+G0/S08wGA==", "license": "Apache-2.0", "dependencies": { "@grpc/grpc-js": "^1.10.1", diff --git a/package.json b/package.json index b32b53dd..377a9a4a 100644 --- a/package.json +++ b/package.json 
@@ -61,10 +61,10 @@
 "replace-in-file": "^7.2.0"
 },
 "dependencies": {
- "@drunk-pulumi/azure-providers": "^0.0.18",
+ "@drunk-pulumi/azure-providers": "^0.0.21",
 "@pulumi/azure-native": "^2.46.0",
 "@pulumi/azuread": "5.52.0",
- "@pulumi/pulumi": "^3.120.0",
+ "@pulumi/pulumi": "^3.121.0",
 "@pulumi/random": "^4.16.2",
 "@pulumi/tls": "^5.0.3",
 "axios": "^1.7.2",
diff --git a/src/Builder/types/sqlBuilder.ts b/src/Builder/types/sqlBuilder.ts
index ba98e4ec..1bab25c1 100644
--- a/src/Builder/types/sqlBuilder.ts
+++ b/src/Builder/types/sqlBuilder.ts
@@ -9,7 +9,7 @@ import { SqlDbSku } from "../../Sql/SqlDb";
 export type SqlBuilderAuthOptionsType = Pick<
 SqlAuthType,
- "enableAdAdministrator" | "azureAdOnlyAuthentication"
+ "azureAdOnlyAuthentication"
 >;
 export type SqlDbBuilderType = Record<
diff --git a/src/Sql/index.ts b/src/Sql/index.ts
index d9aa85d3..9f07a844 100644
--- a/src/Sql/index.ts
+++ b/src/Sql/index.ts
@@ -61,8 +61,6 @@ const createElasticPool = ({
 export type SqlAuthType = {
 envRoles: EnvRolesResults;
- /** create an Admin group on AzAD for SQL accessing.*/
- enableAdAdministrator?: boolean;
 azureAdOnlyAuthentication?: boolean;
 adminLogin: Input;
 password: Input;
@@ -126,8 +124,10 @@ export default ({
 const adminGroup = auth.envRoles.contributor;
- if (auth.azureAdOnlyAuthentication)
+ if (auth.azureAdOnlyAuthentication) {
+ ignoreChanges.push("administratorLogin");
 ignoreChanges.push("administratorLoginPassword");
+ }
 const sqlServer = new sql.Server(
 sqlName,
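Review bot: In `src/Sql/index.ts`, the new `if (auth.azureAdOnlyAuthentication) { … }` block puts both `administratorLogin` and `administratorLoginPassword` into `ignoreChanges` without saying why, and the effect is that a later rotation of the SQL admin credentials in code is silently not applied to these servers. The values are still passed on create (`administratorLogin: auth?.adminLogin` in the next hunk), so a stale password could become usable again if AD-only authentication is ever switched off outside Pulumi. A comment above the block would make the trade-off visible, for example `// AD-only servers: SQL admin login/password are set once at create and never updated; rotate out of band`. The reason Azure needs the two properties ignored is not visible in this hunk and should be confirmed before wording the comment more strongly.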
@@ -141,20 +141,15 @@ export default ({
 administratorLogin: auth?.adminLogin,
 administratorLoginPassword: auth?.password,
- administrators:
- (auth?.enableAdAdministrator || auth.azureAdOnlyAuthentication) &&
- adminGroup
- ? {
- administratorType: sql.AdministratorType.ActiveDirectory,
- azureADOnlyAuthentication: auth.azureAdOnlyAuthentication,
-
- principalType: sql.PrincipalType.Group,
- tenantId,
- sid: adminGroup.objectId,
- login: adminGroup.displayName,
- }
- : undefined,
+ administrators: {
+ administratorType: sql.AdministratorType.ActiveDirectory,
+ azureADOnlyAuthentication: Boolean(auth.azureAdOnlyAuthentication),
+ principalType: sql.PrincipalType.Group,
+ tenantId,
+ sid: adminGroup?.objectId,
+ login: adminGroup?.displayName,
+ },
 publicNetworkAccess: network?.asPrivateLink
 ? sql.ServerNetworkAccessFlag.Disabled
 : sql.ServerNetworkAccessFlag.Enabled,
diff --git a/src/VNet/PrivateDns.ts b/src/VNet/PrivateDns.ts
index 36134ddb..b7b6676c 100644
--- a/src/VNet/PrivateDns.ts
+++ b/src/VNet/PrivateDns.ts
@@ -45,7 +45,7 @@ export const addARecord = ({
 };
 interface VnetToPrivateDnsProps extends BasicResourceArgs {
- zoneName: string;
+ zoneName: Input;
 vnetId: Input;
 registrationEnabled?: boolean;
 }
@@ -55,15 +55,16 @@ export const linkVnetToPrivateDns = ({
 group,
 zoneName,
 vnetId,
- registrationEnabled,
+ registrationEnabled = false,
 ...others
 }: VnetToPrivateDnsProps) => {
 return new native.network.VirtualNetworkLink(
- `${name}-${zoneName}-link`,
+ `${name}-link`,
 {
 ...group,
+ location: "global",
 privateZoneName: zoneName,
- registrationEnabled: registrationEnabled || false,
+ registrationEnabled,
 virtualNetwork: { id: vnetId },
 },
 others,
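Review bot: In `src/Sql/index.ts`, the new `administrators` block is emitted even when `adminGroup` is undefined, so `sid: adminGroup?.objectId` and `login: adminGroup?.displayName` can reach the provider as undefined, possibly together with `azureADOnlyAuthentication: true`; the removed code checked `adminGroup` before building the block. Keeping that guard, `administrators: adminGroup ? { … } : undefined,`, plus a fail-fast `if (auth.azureAdOnlyAuthentication && !adminGroup) throw new Error("azureAdOnlyAuthentication requires envRoles.contributor");`, avoids requesting a server whose only permitted sign-in path has no valid administrator. With the `enableAdAdministrator` opt-in gone, every server created through this module now gets the contributor group as its Active Directory administrator. That widens who holds server-admin rights and deserves a doc comment on `SqlAuthType`. The enclosing `export default` function starts and ends outside this hunk.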
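Review bot: In `src/VNet/PrivateDns.ts`, renaming the link from `${name}-${zoneName}-link` to `${name}-link` changes the Pulumi resource name, so existing stacks will presumably plan a delete-and-create of every `VirtualNetworkLink` unless an alias for the old name is passed through the resource options. While a link is absent, records in that private zone stop resolving from the VNet, so clients of a private endpoint may fall back to the public name; the upgrade path is worth a line in the release notes. The name also no longer carries the zone, so callers linking one `name` to several zones must now keep `name` unique themselves. A doc comment on `linkVnetToPrivateDns` such as `/** name must be unique per zone/VNet pair; it is the only input to the link's resource name */` would make that contract explicit.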
@@ -103,17 +104,15 @@ export default ({
 const toDnsInfo = () => ({ resourceName: name, group, id: zone.id });
 if (vnetIds) {
- all(vnetIds).apply((vn) =>
- vn.map((id) =>
- linkVnetToPrivateDns({
- name,
- vnetId: id,
- zoneName: name,
- group,
- registrationEnabled: false,
- dependsOn: zone,
- }),
- ),
+ vnetIds.map((id) =>
+ linkVnetToPrivateDns({
+ name,
+ vnetId: id,
+ zoneName: name,
+ group,
+ registrationEnabled: false,
+ dependsOn: zone,
+ }),
 );
 }
diff --git a/src/VNet/PrivateEndpoint.ts b/src/VNet/PrivateEndpoint.ts
index f686c9ce..566024ad 100644
--- a/src/VNet/PrivateEndpoint.ts
+++ b/src/VNet/PrivateEndpoint.ts
@@ -51,7 +51,7 @@ export default ({
 //Create Zone
 const zone = PrivateZone({
- name: `${resourceInfo?.name}.${privateDnsZoneName}`,
+ name: `${resourceInfo!.name}.${privateDnsZoneName}`,
 group,
 });
@@ -69,7 +69,7 @@ export default ({
 const vnetId = getVnetIdFromSubnetId(id);
 linkVnetToPrivateDns({
 name: `${name}-${index}`,
- zoneName: privateDnsZoneName,
+ zoneName: zone.name,
 vnetId,
 group,
 dependsOn: zone.resource,
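Review bot: In `src/VNet/PrivateDns.ts`, every element of `vnetIds` is passed the same `name`, and `linkVnetToPrivateDns` now names the resource `${name}-link`, so with more than one VNet the second link collides with the first and Pulumi should reject it as a duplicate resource. `src/VNet/PrivateEndpoint.ts` in this same commit already suffixes the index, and the loop here can do the same with `vnetIds.forEach((id, index) =>` and ``name: `${name}-${index}`,``. `forEach` also fits better than `map`, because the returned array is discarded. The enclosing `export default` function continues outside this hunk.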
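Review bot: In `src/VNet/PrivateEndpoint.ts`, `resourceInfo!.name` only silences the compiler: the non-null assertion is erased at runtime, so an undefined `resourceInfo` now fails with a generic TypeError while the zone name is being built. The old `?.` form was no better, since it produced a zone literally named `undefined.<zone>`. An explicit guard before the `PrivateZone` call, `if (!resourceInfo) throw new Error("resourceInfo is required to create the private DNS zone");`, gives a clear failure and narrows the type so neither `?.` nor `!` is needed. The function body starts outside this hunk, so such a guard may already exist above; if it does, the assertion can simply be dropped.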