def program():
config = Config()
config.get("plainstr1")
config.require("plainstr2")
config.get_secret("plainstr3")
config.require_secret("plainstr4")
config.get_bool("plainbool1")
config.require_bool("plainbool2")
config.get_secret_bool("plainbool3")
config.require_secret_bool("plainbool4")
config.get_int("plainint1")
config.require_int("plainint2")
config.get_secret_int("plainint3")
config.require_secret_int("plainint4")
config.get_float("plainfloat1")
config.require_float("plainfloat2")
config.get_secret_float("plainfloat3")
config.require_secret_float("plainfloat4")
config.get_object("plainobj1")
config.require_object("plainobj2")
config.get_secret_object("plainobj3")
config.require_secret_object("plainobj4")
config.get("str1")
config.require("str2")
config.get_secret("str3")
config.require_secret("str4")
config.get_bool("bool1")
config.require_bool("bool2")
config.get_secret_bool("bool3")
config.require_secret_bool("bool4")
config.get_int("int1")
config.require_int("int2")
config.get_secret_int("int3")
config.require_secret_int("int4")
config.get_float("float1")
config.require_float("float2")
config.get_secret_float("float3")
config.require_secret_float("float4")
config.get_object("obj1")
config.require_object("obj2")
config.get_secret_object("obj3")
config.require_secret_object("obj4")
def build_secrets(config: pulumi.Config):
secrets_template = """export CTR_FQDN="{fqdn}"
export CTR_EMAIL="{email}"
export CTR_PASSWORD="******"
export CTR_FIRSTNAME="{admin_first_name}"
export CTR_LASTNAME="{admin_last_name}"
export CTR_SMTP_HOST={smtp_host}
export CTR_SMTP_PORT={smtp_port}
export CTR_SMTP_TLS={smtp_tls}
export CTR_SMTP_AUTH={smtp_auth}
export CTR_SMTP_FROM={smtp_from}
"""
if config.get('db_type') == 'sass':
secrets_template += """export PG_INSTALL_TYPE=sass
export CTR_DB_HOST="{db_hostname}"
export CTR_DB_USER="******"
export CTR_DB_PASS="******"
"""
elif config.get('db_type') == 'local':
secrets_template += 'export PG_INSTALL_TYPE=local\n'
if config.get_bool('smtp_auth'):
if config.get('smtp_user'):
secrets_template += 'export CTR_SMTP_USER={0}\n'.format(config.get('smtp_user'))
if config.get('smtp_pass'):
secrets_template += 'export CTR_SMTP_PASS={0}\n'.format(config.get('smtp_pass'))
hostname = build_vm_domain(config)
db_admin_username = config.get('db_admin_username') or 'controller'
installation_id = config.get('installation_id')
values = {
'fqdn': hostname,
'email': config.get('admin_email'),
'admin_pass': config.get('admin_password'),
'admin_first_name': config.get('admin_first_name'),
'admin_last_name': config.get('admin_last_name'),
'db_hostname': 'config-db-{0}.postgres.database.azure.com'.format(installation_id),
'db_user': '******'.format(db_admin_username, installation_id),
'db_pass': config.get('db_admin_password'),
'smtp_host': config.get('smtp_host'),
'smtp_port': config.get('smtp_port'),
'smtp_tls': 'true' if config.get_bool('smtp_tls') else 'false',
'smtp_from': config.get('smtp_from'),
'smtp_auth': 'true' if config.get_bool('smtp_auth') else 'false'
}
return secrets_template.format_map(values)
if separator == ' ':
separator = ''
suffix = config.get('suffix') or ''
# retrieve project and stack (org not yet available)
project = get_project()
stack = get_stack()
# set default tags to be applied to all taggable resources
default_tags = {
'manager': 'pulumi',
'project': project,
'stack': stack,
}
# Azure Bastion hosts in hub and spokes (until functional across peerings)
azure_bastion = config.get_bool('azure_bastion')
# Azure Firewall to route all Internet-bound traffic to designated next hop
forced_tunnel = config.get('forced_tunnel')
if forced_tunnel:
ft_ip = ip_address(forced_tunnel) # check IP address is valid
# another stack may be peered in the same project, even across organizations
peer = config.get('peer')
porg = config.get('org')
proj = config.get('project')
if porg and not proj: # assume the same project in other organization
proj = project
if not porg: # assume the same organization
porg = ''
if not proj: # assume the same project
"""
def __init__(self, keys: [str], message: str):
self.keys = keys
self.message = message
# retrieve the stack configuration data
config = Config()
# set default tags to be applied to all taggable resources
stack = get_stack()
default_tags = {
'environment': stack
}
# Azure Bastion hosts in hub and spokes (until functional across peerings)
azure_bastion = config.get_bool('azure_bastion')
# Azure Firewall to route all Internet-bound traffic to designated next hop
forced_tunnel = config.get_bool('forced_tunnel')
# another stack in the same project and organization may be peered
peer = config.get('peer')
if peer:
org = config.require('org')
project = get_project()
reference = f'{org}/{project}/{peer}'
else:
reference = None
# validate firewall_address_space and hub_address_space
firewall_address_space = config.require('firewall_address_space')
