From 4249bdabe4a93e465d897b2999e07d91361f46c8 Mon Sep 17 00:00:00 2001 From: Steven Hoang Date: Sat, 22 Jun 2024 10:02:51 +0800 Subject: [PATCH 1/4] update --- package-lock.json | 16 ++++++++-------- package.json | 4 ++-- src/Sql/index.ts | 4 +++- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 30bff405..d895c788 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,10 +10,10 @@ "hasInstallScript": true, "license": "MIT", "dependencies": { - "@drunk-pulumi/azure-providers": "^0.0.18", + "@drunk-pulumi/azure-providers": "^0.0.21", "@pulumi/azure-native": "^2.46.0", "@pulumi/azuread": "5.52.0", - "@pulumi/pulumi": "^3.120.0", + "@pulumi/pulumi": "^3.121.0", "@pulumi/random": "^4.16.2", "@pulumi/tls": "^5.0.3", "axios": "^1.7.2", @@ -796,9 +796,9 @@ } }, "node_modules/@drunk-pulumi/azure-providers": { - "version": "0.0.18", - "resolved": "https://registry.npmjs.org/@drunk-pulumi/azure-providers/-/azure-providers-0.0.18.tgz", - "integrity": "sha512-IpPCi7doX0D0Jbauzl3n1ozvXXSIbGSL5AdWgvo1z5q94H/KKOTaSYvTYCCpIcgxMXeZJnzvBJzEjJjlwGLHvw==", + "version": "0.0.21", + "resolved": "https://registry.npmjs.org/@drunk-pulumi/azure-providers/-/azure-providers-0.0.21.tgz", + "integrity": "sha512-RoSJdLponyld+p8KediV6FflRvhY6QQTHyshWsd90z5vxQSVVPIGoOgLCdrHkWI4RW27J90TNC+1DHf6G3Zp2A==", "license": "MIT", "dependencies": { "@azure/arm-keyvault": "^3.1.0", @@ -1985,9 +1985,9 @@ } }, "node_modules/@pulumi/pulumi": { - "version": "3.120.0", - "resolved": "https://registry.npmjs.org/@pulumi/pulumi/-/pulumi-3.120.0.tgz", - "integrity": "sha512-MknkC5W+QPiFbn8HjhuHjONxh3RyH2RvS7S4sxgSp3vv9TofJ19KiSfIovRGKovy1Ri8T6T7b1d3xH6AHXuX2Q==", + "version": "3.121.0", + "resolved": "https://registry.npmjs.org/@pulumi/pulumi/-/pulumi-3.121.0.tgz", + "integrity": "sha512-fv9sY1e7nPeGpvlHIMZcErHeZAsbdqOi0Jcb1oxi0NvTU3jy1EZa70q+JdE0dmqYlr43HaSL8SU5+G0/S08wGA==", "license": "Apache-2.0", "dependencies": { "@grpc/grpc-js": "^1.10.1", 
diff --git a/package.json b/package.json
index b32b53dd..377a9a4a 100644
--- a/package.json
+++ b/package.json
@@ -61,10 +61,10 @@
 "replace-in-file": "^7.2.0"
 },
 "dependencies": {
- "@drunk-pulumi/azure-providers": "^0.0.18",
+ "@drunk-pulumi/azure-providers": "^0.0.21",
 "@pulumi/azure-native": "^2.46.0",
 "@pulumi/azuread": "5.52.0",
- "@pulumi/pulumi": "^3.120.0",
+ "@pulumi/pulumi": "^3.121.0",
 "@pulumi/random": "^4.16.2",
 "@pulumi/tls": "^5.0.3",
 "axios": "^1.7.2",
diff --git a/src/Sql/index.ts b/src/Sql/index.ts
index d9aa85d3..78c62ba4 100644
--- a/src/Sql/index.ts
+++ b/src/Sql/index.ts
@@ -126,8 +126,10 @@ export default ({
 const adminGroup = auth.envRoles.contributor;
- if (auth.azureAdOnlyAuthentication)
+ if (auth.azureAdOnlyAuthentication) {
+ ignoreChanges.push("administratorLogin");
 ignoreChanges.push("administratorLoginPassword");
+ }
 const sqlServer = new sql.Server(
 sqlName,
From 1b5e39c89b701effa024707413455f232dffb766 Mon Sep 17 00:00:00 2001
From: Steven Hoang
Date: Sat, 22 Jun 2024 10:28:46 +0800
Subject: [PATCH 2/4] update
---
 src/Builder/types/sqlBuilder.ts | 2 +-
 src/Sql/index.ts | 23 ++++++++---------------
 2 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/src/Builder/types/sqlBuilder.ts b/src/Builder/types/sqlBuilder.ts
index ba98e4ec..1bab25c1 100644
--- a/src/Builder/types/sqlBuilder.ts
+++ b/src/Builder/types/sqlBuilder.ts
@@ -9,7 +9,7 @@ import { SqlDbSku } from "../../Sql/SqlDb";
 export type SqlBuilderAuthOptionsType = Pick<
 SqlAuthType,
- "enableAdAdministrator" | "azureAdOnlyAuthentication"
+ "azureAdOnlyAuthentication"
 >;
 export type SqlDbBuilderType = Record<
diff --git a/src/Sql/index.ts b/src/Sql/index.ts
index 78c62ba4..9f07a844 100644
--- a/src/Sql/index.ts
+++ b/src/Sql/index.ts
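Review bot: In the `@@ -126,8 +126,10 @@` hunk of src/Sql/index.ts (PATCH 1/4), listing both `administratorLogin` and `administratorLoginPassword` in `ignoreChanges` means a rotated `auth.password` is never applied to the server while `azureAdOnlyAuthentication` is set, and nothing in the code says so. If AD-only authentication is later switched off, the SQL login would presumably be usable again with whatever password was set at creation. A comment above the `if` would make that explicit, for example `// AD-only auth: drift on the SQL login/password is ignored; rotate the password explicitly before disabling AD-only`. The enclosing function starts and ends outside the hunk, so how `ignoreChanges` is consumed is not visible here.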
@@ -61,8 +61,6 @@ const createElasticPool = ({
 export type SqlAuthType = {
 envRoles: EnvRolesResults;
- /** create an Admin group on AzAD for SQL accessing.*/
- enableAdAdministrator?: boolean;
 azureAdOnlyAuthentication?: boolean;
 adminLogin: Input;
 password: Input;
@@ -143,20 +141,15 @@ export default ({
 administratorLogin: auth?.adminLogin,
 administratorLoginPassword: auth?.password,
- administrators:
- (auth?.enableAdAdministrator || auth.azureAdOnlyAuthentication) &&
- adminGroup
- ? {
- administratorType: sql.AdministratorType.ActiveDirectory,
- azureADOnlyAuthentication: auth.azureAdOnlyAuthentication,
-
- principalType: sql.PrincipalType.Group,
- tenantId,
- sid: adminGroup.objectId,
- login: adminGroup.displayName,
- }
- : undefined,
+ administrators: {
+ administratorType: sql.AdministratorType.ActiveDirectory,
+ azureADOnlyAuthentication: Boolean(auth.azureAdOnlyAuthentication),
+ principalType: sql.PrincipalType.Group,
+ tenantId,
+ sid: adminGroup?.objectId,
+ login: adminGroup?.displayName,
+ },
 publicNetworkAccess: network?.asPrivateLink
 ? sql.ServerNetworkAccessFlag.Disabled
 : sql.ServerNetworkAccessFlag.Enabled,
From 19de358f1677af5285d9c7252bdcab5c8cd66102 Mon Sep 17 00:00:00 2001
From: Steven Hoang
Date: Sat, 22 Jun 2024 10:33:50 +0800
Subject: [PATCH 3/4] Update PrivateDns.ts
---
 src/VNet/PrivateDns.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/VNet/PrivateDns.ts b/src/VNet/PrivateDns.ts
index 36134ddb..23d9ff9e 100644
--- a/src/VNet/PrivateDns.ts
+++ b/src/VNet/PrivateDns.ts
@@ -55,15 +55,16 @@ export const linkVnetToPrivateDns = ({
 group,
 zoneName,
 vnetId,
- registrationEnabled,
+ registrationEnabled = false,
 ...others
 }: VnetToPrivateDnsProps) => {
 return new native.network.VirtualNetworkLink(
 `${name}-${zoneName}-link`,
 {
 ...group,
+ location: "global",
 privateZoneName: zoneName,
- registrationEnabled: registrationEnabled || false,
+ registrationEnabled,
 virtualNetwork: { id: vnetId },
 },
 others,
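Review bot: In the `@@ -143,20 +141,15 @@` hunk of src/Sql/index.ts, the `administrators` block is now emitted unconditionally, so the `auth.envRoles.contributor` group becomes Active Directory admin of every server, including for callers that never set `azureAdOnlyAuthentication`. That is a wider grant than before and deserves an explicit opt-out, or at least a doc comment on `SqlAuthType`. The old `&& adminGroup` guard is also gone: `sid: adminGroup?.objectId` and `login: adminGroup?.displayName` can now be `undefined`, which would only surface at deploy time, possibly alongside `azureADOnlyAuthentication: true`. Failing fast before `new sql.Server(` is safer, for example `if (!adminGroup) throw new Error("envRoles.contributor is required for SQL AD administrators");`, after which the `?.` on `adminGroup` can be dropped. The surrounding function body lies outside the hunk.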
From 67239e7e456e2f0284b68d2c89a47a06c02664e5 Mon Sep 17 00:00:00 2001
From: Steven Hoang
Date: Sat, 22 Jun 2024 10:46:58 +0800
Subject: [PATCH 4/4] update
---
 src/VNet/PrivateDns.ts | 24 +++++++++++-------------
 src/VNet/PrivateEndpoint.ts | 4 ++--
 2 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/src/VNet/PrivateDns.ts b/src/VNet/PrivateDns.ts
index 23d9ff9e..b7b6676c 100644
--- a/src/VNet/PrivateDns.ts
+++ b/src/VNet/PrivateDns.ts
@@ -45,7 +45,7 @@ export const addARecord = ({
 };
 interface VnetToPrivateDnsProps extends BasicResourceArgs {
- zoneName: string;
+ zoneName: Input;
 vnetId: Input;
 registrationEnabled?: boolean;
 }
@@ -59,7 +59,7 @@ export const linkVnetToPrivateDns = ({
 ...others
 }: VnetToPrivateDnsProps) => {
 return new native.network.VirtualNetworkLink(
- `${name}-${zoneName}-link`,
+ `${name}-link`,
 {
 ...group,
 location: "global",
@@ -104,17 +104,15 @@ export default ({
 const toDnsInfo = () => ({ resourceName: name, group, id: zone.id });
 if (vnetIds) {
- all(vnetIds).apply((vn) =>
- vn.map((id) =>
- linkVnetToPrivateDns({
- name,
- vnetId: id,
- zoneName: name,
- group,
- registrationEnabled: false,
- dependsOn: zone,
- }),
- ),
+ vnetIds.map((id) =>
+ linkVnetToPrivateDns({
+ name,
+ vnetId: id,
+ zoneName: name,
+ group,
+ registrationEnabled: false,
+ dependsOn: zone,
+ }),
 );
 }
diff --git a/src/VNet/PrivateEndpoint.ts b/src/VNet/PrivateEndpoint.ts
index f686c9ce..566024ad 100644
--- a/src/VNet/PrivateEndpoint.ts
+++ b/src/VNet/PrivateEndpoint.ts
@@ -51,7 +51,7 @@ export default ({
 //Create Zone
 const zone = PrivateZone({
- name: `${resourceInfo?.name}.${privateDnsZoneName}`,
+ name: `${resourceInfo!.name}.${privateDnsZoneName}`,
 group,
 });
@@ -69,7 +69,7 @@ export default ({
 const vnetId = getVnetIdFromSubnetId(id);
 linkVnetToPrivateDns({
 name: `${name}-${index}`,
- zoneName: privateDnsZoneName,
+ zoneName: zone.name,
 vnetId,
 group,
 dependsOn: zone.resource,
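Review bot: In src/VNet/PrivateDns.ts the link's resource name is now only `${name}-link` (hunk `@@ -59,7 +59,7 @@`), while the loop in `@@ -104,17 +104,15 @@` still passes the same `name` for every entry of `vnetIds`, so two or more VNets would yield identical resource names and the engine would reject the duplicate. PrivateEndpoint.ts already disambiguates with an index suffix; the same fits here by changing the callback to `(id, index) =>` and passing `name` with `-${index}` appended. Since the result of `vnetIds.map(` is discarded, `forEach` states the intent better. Renaming the logical resource also means existing links are likely to be replaced on the next update unless an alias is supplied; a line in the commit description would warn consumers.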
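Review bot: In src/VNet/PrivateEndpoint.ts (`@@ -51,7 +51,7 @@`), `resourceInfo!.name` only silences the compiler: if `resourceInfo` is missing at runtime the template throws a bare TypeError, where the old `?.` would have built a zone name starting with the literal text `undefined`. An explicit guard before `PrivateZone(` gives a clear failure instead: `if (!resourceInfo) throw new Error("resourceInfo is required to create the private DNS zone");`. Whether `resourceInfo` is optional in the props type is not visible in this hunk, and the enclosing function starts and ends outside it.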