Initial Pulumi Typescript implementation
Some checks failed
Pulumi / pulumi (push) Failing after 1m17s
164
index.ts
Normal file
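--- a/index.ts
+++ b/index.ts
@@ -0,0 +1,164 @@
+import * as pulumi from "@pulumi/pulumi";
+import { Group, Policy, SetupKey, NetBirdConfig } from "./netbird";
+
+// =============================================================================
+// Configuration
+// =============================================================================
+const config = new pulumi.Config("netbird");
+const netbirdConfig: NetBirdConfig = {
+url: config.require("url"),
+token: config.requireSecret("token"),
+};
+
+// =============================================================================
+// Groups - Achilles Network Structure
+// =============================================================================
+const groups = {
+groundStations: new Group(
+"ground-stations",
+{ name: "ground-stations", peers: [] },
+netbirdConfig
+),
+pilots: new Group("pilots", { name: "pilots", peers: [] }, netbirdConfig),
+operators: new Group(
+"operators",
+{ name: "operators", peers: [] },
+netbirdConfig
+),
+fusionServers: new Group(
+"fusion-servers",
+{ name: "fusion-servers", peers: [] },
+netbirdConfig
+),
+};
+
+// =============================================================================
+// Policies - Access Control
+// =============================================================================
+const policies = {
+pilotToGs: new Policy(
+"pilot-to-ground-station",
+{
+name: "pilot-to-ground-station",
+description: "Allow pilots to connect to ground stations",
+enabled: true,
+rules: [
+{
+name: "pilot-gs-access",
+description: "Pilots can access ground stations",
+enabled: true,
+sources: [groups.pilots.id],
+destinations: [groups.groundStations.id],
+bidirectional: true,
+protocol: "all",
+action: "accept",
+},
+],
+},
+netbirdConfig,
+{ dependsOn: [groups.pilots, groups.groundStations] }
+),
+
+operatorFullAccess: new Policy(
+"operator-full-access",
+{
+name: "operator-full-access",
+description: "Operators can access all network resources",
+enabled: true,
+rules: [
+{
+name: "operator-all",
+description: "Full operator access",
+enabled: true,
+sources: [groups.operators.id],
+destinations: [
+groups.groundStations.id,
+groups.pilots.id,
+groups.fusionServers.id,
+],
+bidirectional: true,
+protocol: "all",
+action: "accept",
+},
+],
+},
+netbirdConfig,
+{
+dependsOn: [
+groups.operators,
+groups.groundStations,
+groups.pilots,
+groups.fusionServers,
+],
+}
+),
+
+fusionToGs: new Policy(
+"fusion-to-ground-station",
+{
+name: "fusion-to-ground-station",
+description: "Fusion servers coordinate with ground stations",
+enabled: true,
+rules: [
+{
+name: "fusion-gs",
+description: "Fusion to GS access",
+enabled: true,
+sources: [groups.fusionServers.id],
+destinations: [groups.groundStations.id],
+bidirectional: true,
+protocol: "all",
+action: "accept",
+},
+],
+},
+netbirdConfig,
+{ dependsOn: [groups.fusionServers, groups.groundStations] }
+),
+};
+
+// =============================================================================
+// Setup Keys - Peer Onboarding
+// =============================================================================
+const setupKeys = {
+gsOnboarding: new SetupKey(
+"ground-station-onboarding",
+{
+name: "ground-station-onboarding",
+type: "reusable",
+autoGroups: [groups.groundStations.id],
+usageLimit: 0,
+expiresIn: 0,
+ephemeral: false,
+},
+netbirdConfig,
+{ dependsOn: [groups.groundStations] }
+),
+
+pilotOnboarding: new SetupKey(
+"pilot-onboarding",
+{
+name: "pilot-onboarding",
+type: "reusable",
+autoGroups: [groups.pilots.id],
+usageLimit: 0,
+expiresIn: 2592000, // 30 days
+ephemeral: false,
+},
+netbirdConfig,
+{ dependsOn: [groups.pilots] }
+),
+};
+
+// =============================================================================
+// Outputs
+// =============================================================================
+export const groupIds = {
+groundStations: groups.groundStations.id,
+pilots: groups.pilots.id,
+operators: groups.operators.id,
+fusionServers: groups.fusionServers.id,
+};
+
+export const gsSetupKey = pulumi.secret(setupKeys.gsOnboarding.key);
+export const pilotSetupKey = pulumi.secret(setupKeys.pilotOnboarding.key);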
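Review bot: `gsOnboarding` is declared with `type: "reusable"`, `usageLimit: 0` and `expiresIn: 0`; if the `./netbird` wrapper passes these through with 0 meaning "unlimited uses" and "never expires" (its semantics are not visible on this page), the key is a permanent enrollment credential that places any holder's peer directly into `ground-stations`. That group is a destination in all three policies, each `bidirectional: true` with `protocol: "all"`, so a single leaked key would be enough to reach pilots, operators and fusion servers on every port. Consider bounding it the way `pilotOnboarding` already is, e.g. `expiresIn: 2592000, // 30 days` together with a finite `usageLimit`, or issuing one-off keys per station, and add a comment such as `// 0 = unlimited / no expiry — intentional?` so the choice is explicit. Separately, the rules would be easier to audit if each one named the protocol, ports and direction the role needs instead of `protocol: "all"` in both directions.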