def __init__(self, opts: Optional[pulumi.ResourceOptions] = None) -> None:
super().__init__(
"grapl:TestUserPassword",
"test-user-password",
None,
opts,
)
self.secret = aws.secretsmanager.Secret(
"test-user-password",
name=f"{STACK_NAME}-TestUserPassword",
description="The Grapl test user's password",
recovery_window_in_days=0, # delete immediately
opts=pulumi.ResourceOptions(parent=self),
)
self.random_uuid = random.RandomUuid(
"test-user-password-string",
opts=pulumi.ResourceOptions(parent=self,
additional_secret_outputs=["result"]),
)
# TODO: What do we do about rotation?
self.version = aws.secretsmanager.SecretVersion(
"test-user-password-version",
secret_id=self.secret.id,
secret_string=self.random_uuid.result,
opts=pulumi.ResourceOptions(parent=self),
)
self.register_outputs({})
self.secret_id = self.secret.id
def __init__(self, opts: Optional[pulumi.ResourceOptions] = None) -> None:
super().__init__(
"grapl:JWTSecret",
"jwt-secret",
None,
opts,
)
self.secret = aws.secretsmanager.Secret(
"edge-jwt-secret",
# TODO: Ultimately we don't want to care about this... it's
# just what the local services expect at the moment. As we
# move more things over to Pulumi, we'll be able to inject
# this automatically into, e.g., Lambda function environments.
name="JWT_SECRET_ID" if LOCAL_GRAPL else None,
description=
"The JWT secret that Grapl uses to authenticate its API",
opts=pulumi.ResourceOptions(parent=self),
)
self.random_uuid = random.RandomUuid(
"jwt-secret-uuid",
opts=pulumi.ResourceOptions(parent=self,
additional_secret_outputs=["result"]),
)
# TODO: What do we do about rotation?
self.version = aws.secretsmanager.SecretVersion(
"jwt-secret-version",
secret_id=self.secret.id,
secret_string=self.random_uuid.result,
opts=pulumi.ResourceOptions(parent=self),
)
self.register_outputs({})
),
sql_administrator_login="******",
sql_administrator_login_password=random.RandomPassword("workspacePwd", length=12).result)
allow_all = synapse.IpFirewallRule("allowAll",
resource_group_name=resource_group.name,
workspace_name=workspace.name,
rule_name="allowAll",
end_ip_address="255.255.255.255",
start_ip_address="0.0.0.0")
subscription_id = resource_group.id.apply(lambda id: id.split('/')[2])
role_definition_id = subscription_id.apply(lambda id: f"/subscriptions/{id}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe")
storage_access = authorization.RoleAssignment("storageAccess",
role_assignment_name=random.RandomUuid("roleName").result,
scope=storage_account.id,
principal_id=workspace.identity.principal_id.apply(lambda v: v or "<preview>"),
principal_type="ServicePrincipal",
role_definition_id=role_definition_id)
user_access = authorization.RoleAssignment("userAccess",
role_assignment_name=random.RandomUuid("userRoleName").result,
scope=storage_account.id,
principal_id=config.get("userObjectId"),
principal_type="User",
role_definition_id=role_definition_id)
sql_pool = synapse.SqlPool("sqlPool",
resource_group_name=resource_group.name,
location=resource_group.location,
import pulumi
import pulumi_random
config = pulumi.Config()
testScenario = config.require_int("scenario")
if testScenario == 1:
r1 = pulumi_random.RandomUuid("r1")
elif testScenario == 2:
r2 = pulumi_random.RandomUuid("r2", keepers={})
elif testScenario == 3:
r3 = pulumi_random.RandomUuid("r3", keepers={ "foo": "bar" })