def __init__(self, opts: Optional[pulumi.ResourceOptions] = None) -> None:
    """Provision the Grapl test user's password in AWS Secrets Manager.

    Three child resources are created under this component: the secret
    container, a random UUID whose value serves as the password, and a
    secret version that stores that value in the container.

    Args:
        opts: Resource options forwarded to the component resource.
    """

    def _as_child(**extra) -> pulumi.ResourceOptions:
        # A fresh options object per child; no instance is shared.
        return pulumi.ResourceOptions(parent=self, **extra)

    component_type = "grapl:TestUserPassword"
    component_name = "test-user-password"
    super().__init__(component_type, component_name, None, opts)

    secret_container = aws.secretsmanager.Secret(
        "test-user-password",
        name=f"{STACK_NAME}-TestUserPassword",
        description="The Grapl test user's password",
        # delete immediately: with no recovery window a destroyed secret
        # cannot be restored.
        # NOTE(review): fine for a test credential; confirm this
        # component is never reused for a non-test secret.
        recovery_window_in_days=0,
        opts=_as_child(),
    )
    self.secret = secret_container

    # "result" is declared as an additional secret output so that the
    # generated value is treated as a secret by Pulumi rather than as a
    # plain output.
    # NOTE(review): a UUID is an identifier format, not a password
    # generator; random.RandomPassword is the resource meant for secret
    # values. Switching would replace the stored value, so treat it as a
    # deliberate migration.
    password_source = random.RandomUuid(
        "test-user-password-string",
        opts=_as_child(additional_secret_outputs=["result"]),
    )
    self.random_uuid = password_source

    # TODO: What do we do about rotation?
    # As written, the value is fixed once the RandomUuid resource exists.
    self.version = aws.secretsmanager.SecretVersion(
        "test-user-password-version",
        secret_id=secret_container.id,
        secret_string=password_source.result,
        opts=_as_child(),
    )

    self.register_outputs({})

    # Convenience handle to the secret's id, assigned after output
    # registration exactly as before.
    self.secret_id = self.secret.id
def __init__(self, opts: Optional[pulumi.ResourceOptions] = None) -> None:
    """Provision the JWT secret Grapl uses to authenticate its API.

    Three child resources are created under this component: the secret
    container, a random UUID whose value serves as the secret, and a
    secret version that stores that value in the container.

    Args:
        opts: Resource options forwarded to the component resource.
    """

    def _as_child(**extra) -> pulumi.ResourceOptions:
        # A fresh options object per child; no instance is shared.
        return pulumi.ResourceOptions(parent=self, **extra)

    super().__init__("grapl:JWTSecret", "jwt-secret", None, opts)

    # TODO: Ultimately we don't want to care about this... it's
    # just what the local services expect at the moment. As we
    # move more things over to Pulumi, we'll be able to inject
    # this automatically into, e.g., Lambda function environments.
    if LOCAL_GRAPL:
        fixed_name = "JWT_SECRET_ID"
    else:
        # No explicit name outside local Grapl.
        fixed_name = None

    jwt_container = aws.secretsmanager.Secret(
        "edge-jwt-secret",
        name=fixed_name,
        description="The JWT secret that Grapl uses to authenticate its API",
        opts=_as_child(),
    )
    self.secret = jwt_container

    # "result" is declared as an additional secret output so that the
    # generated value is treated as a secret by Pulumi rather than as a
    # plain output.
    # NOTE(review): presumably this value protects API tokens, so
    # anyone who learns it could mint tokens the API accepts. Confirm.
    # A UUID is an identifier format, not a key generator;
    # random.RandomPassword is the resource meant for secret values.
    jwt_value = random.RandomUuid(
        "jwt-secret-uuid",
        opts=_as_child(additional_secret_outputs=["result"]),
    )
    self.random_uuid = jwt_value

    # TODO: What do we do about rotation?
    # As written, the value is fixed once the RandomUuid resource exists.
    self.version = aws.secretsmanager.SecretVersion(
        "jwt-secret-version",
        secret_id=jwt_container.id,
        secret_string=jwt_value.result,
        opts=_as_child(),
    )

    self.register_outputs({})
),
    # Tail of a call whose start is outside this excerpt. The login value
    # is shown masked ("******") in the source.
    sql_administrator_login="******",
    # The administrator password is generated at deploy time instead of
    # being hard-coded.
    # NOTE(review): length=12 is short for an administrator credential;
    # consider a longer value.
    sql_administrator_login_password=random.RandomPassword("workspacePwd", length=12).result)

# Firewall rule spanning 0.0.0.0-255.255.255.255, i.e. the entire IPv4
# address space: any source address is admitted to the workspace.
# NOTE(review): acceptable only for a throwaway demo; restrict the range
# to known client addresses anywhere else.
allow_all = synapse.IpFirewallRule("allowAll",
    resource_group_name=resource_group.name,
    workspace_name=workspace.name,
    rule_name="allowAll",
    end_ip_address="255.255.255.255",
    start_ip_address="0.0.0.0")

# Takes the third '/'-separated segment of the resource group id.
# Presumably the id has the form /subscriptions/<id>/resourceGroups/...,
# which makes index 2 the subscription id. Confirm.
subscription_id = resource_group.id.apply(lambda id: id.split('/')[2])
# Full id of a role definition under that subscription.
# NOTE(review): the GUID looks like the built-in "Storage Blob Data
# Contributor" role; confirm, and prefer a read-only role if write
# access is not required.
role_definition_id = subscription_id.apply(lambda id: f"/subscriptions/{id}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe")

# Grants the workspace's identity the role on the storage account.
storage_access = authorization.RoleAssignment("storageAccess",
    role_assignment_name=random.RandomUuid("roleName").result,
    scope=storage_account.id,
    # Falls back to the literal "<preview>" when the principal id is
    # empty (presumably during `pulumi preview`, before the identity
    # exists).
    principal_id=workspace.identity.principal_id.apply(lambda v: v or "<preview>"),
    principal_type="ServicePrincipal",
    role_definition_id=role_definition_id)

# Grants the same role on the same storage account to a user taken from
# stack configuration.
user_access = authorization.RoleAssignment("userAccess",
    role_assignment_name=random.RandomUuid("userRoleName").result,
    scope=storage_account.id,
    # NOTE(review): config.get returns None when "userObjectId" is not
    # set; config.require would fail fast instead. Confirm the intent.
    principal_id=config.get("userObjectId"),
    principal_type="User",
    role_definition_id=role_definition_id)

# The SqlPool call continues past the end of this excerpt.
sql_pool = synapse.SqlPool("sqlPool",
    resource_group_name=resource_group.name,
    location=resource_group.location,
# Pulumi test program: the integer config value "scenario" selects which
# single RandomUuid resource is declared. The scenarios differ only in
# the `keepers` argument.
import pulumi
import pulumi_random

config = pulumi.Config()
# require_int fails the program if "scenario" is missing or not an int.
testScenario = config.require_int("scenario")

# The branches are mutually exclusive, so their order does not matter.
# Any other scenario value declares nothing.
if testScenario == 3:
    # Scenario 3: one keeper entry.
    r3 = pulumi_random.RandomUuid("r3", keepers={"foo": "bar"})
elif testScenario == 2:
    # Scenario 2: keepers given, but empty.
    r2 = pulumi_random.RandomUuid("r2", keepers={})
elif testScenario == 1:
    # Scenario 1: no keepers argument at all.
    r1 = pulumi_random.RandomUuid("r1")