⚡ Lazy-load Azure network, AKS, IAM, and Redis sub-resources

providers/azure/resources/aks.go

@@ -18,7 +18,8 @@ import (
 )
 
 type mqlAzureSubscriptionAksServiceClusterInternal struct {
-	cacheKmsKeyId string
+	cacheKmsKeyId   string
+	cacheProperties *clusters.ManagedClusterProperties
 }
 
 func (a *mqlAzureSubscriptionAksService) id() (string, error) {
@@ -238,74 +239,6 @@ func (a *mqlAzureSubscriptionAksService) clusters() ([]any, error) {
 				skuTier = string(*entry.SKU.Tier)
 			}
 
-			// Create AAD Profile sub-resource
-			var aadProfileData *llx.RawData = llx.NilData
-			if entry.Properties.AADProfile != nil {
-				aadP := entry.Properties.AADProfile
-				adminGroupObjectIDs := []any{}
-				for _, gid := range aadP.AdminGroupObjectIDs {
-					if gid != nil {
-						adminGroupObjectIDs = append(adminGroupObjectIDs, *gid)
-					}
-				}
-				aadRes, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster.aadProfile",
-					map[string]*llx.RawData{
-						"id":                  llx.StringData(*entry.ID + "/aadProfile"),
-						"managed":             llx.BoolDataPtr(aadP.Managed),
-						"enableAzureRBAC":     llx.BoolDataPtr(aadP.EnableAzureRBAC),
-						"adminGroupObjectIDs": llx.ArrayData(adminGroupObjectIDs, types.String),
-					})
-				if err != nil {
-					return nil, err
-				}
-				aadProfileData = llx.ResourceData(aadRes, "azure.subscription.aksService.cluster.aadProfile")
-			}
-
-			// Create Auto-Upgrade Profile sub-resource
-			var autoUpgradeProfileData *llx.RawData = llx.NilData
-			if entry.Properties.AutoUpgradeProfile != nil {
-				aup := entry.Properties.AutoUpgradeProfile
-				autoUpgradeRes, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster.autoUpgradeProfile",
-					map[string]*llx.RawData{
-						"id":                   llx.StringData(*entry.ID + "/autoUpgradeProfile"),
-						"upgradeChannel":       llx.StringDataPtr((*string)(aup.UpgradeChannel)),
-						"nodeOSUpgradeChannel": llx.StringDataPtr((*string)(aup.NodeOSUpgradeChannel)),
-					})
-				if err != nil {
-					return nil, err
-				}
-				autoUpgradeProfileData = llx.ResourceData(autoUpgradeRes, "azure.subscription.aksService.cluster.autoUpgradeProfile")
-			}
-
-			// Create Advanced Networking sub-resource
-			var advancedNetworkingData *llx.RawData = llx.NilData
-			if entry.Properties.NetworkProfile != nil && entry.Properties.NetworkProfile.AdvancedNetworking != nil {
-				an := entry.Properties.NetworkProfile.AdvancedNetworking
-				var transitEncryptionType, accelerationMode *string
-				var securityEnabled *bool
-				if an.Security != nil {
-					securityEnabled = an.Security.Enabled
-					if an.Security.TransitEncryption != nil {
-						transitEncryptionType = (*string)(an.Security.TransitEncryption.Type)
-					}
-				}
-				if an.Performance != nil {
-					accelerationMode = (*string)(an.Performance.AccelerationMode)
-				}
-				anRes, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster.advancedNetworking",
-					map[string]*llx.RawData{
-						"id":                    llx.StringData(*entry.ID + "/advancedNetworking"),
-						"enabled":               llx.BoolDataPtr(an.Enabled),
-						"transitEncryptionType": llx.StringDataPtr(transitEncryptionType),
-						"accelerationMode":      llx.StringDataPtr(accelerationMode),
-						"securityEnabled":       llx.BoolDataPtr(securityEnabled),
-					})
-				if err != nil {
-					return nil, err
-				}
-				advancedNetworkingData = llx.ResourceData(anRes, "azure.subscription.aksService.cluster.advancedNetworking")
-			}
-
 			mqlAksCluster, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster",
 				map[string]*llx.RawData{
 					"id":                                llx.StringDataPtr(entry.ID),
@@ -351,16 +284,14 @@ func (a *mqlAzureSubscriptionAksService) clusters() ([]any, error) {
 					"nodeResourceGroupRestrictionLevel": llx.StringDataPtr(nodeResourceGroupRestrictionLevel),
 					"serviceMeshMode":                   llx.StringDataPtr(serviceMeshMode),
 					"supportPlan":                       llx.StringDataPtr((*string)(entry.Properties.SupportPlan)),
-					"advancedNetworking":                advancedNetworkingData,
-					"aadProfile":                        aadProfileData,
-					"autoUpgradeProfile":                autoUpgradeProfileData,
 				})
 			if err != nil {
 				return nil, err
 			}
 			mqlCluster := mqlAksCluster.(*mqlAzureSubscriptionAksServiceCluster)
 			mqlCluster.cacheKmsKeyId = azureKeyVaultKmsKeyId
-			res = append(res, mqlAksCluster)
+			mqlCluster.cacheProperties = entry.Properties
+			res = append(res, mqlCluster)
 		}
 	}
 	return res, nil
@@ -373,3 +304,46 @@ func (a *mqlAzureSubscriptionAksServiceCluster) azureKeyVaultKmsKey() (*mqlAzure
 	}
 	return newKeyVaultKeyResource(a.MqlRuntime, a.cacheKmsKeyId)
 }
+
+func (a *mqlAzureSubscriptionAksServiceCluster) aadProfile() (*mqlAzureSubscriptionAksServiceClusterAadProfile, error) {
+	if a.cacheProperties == nil || a.cacheProperties.AADProfile == nil {
+		a.AadProfile.State = plugin.StateIsSet | plugin.StateIsNull
+		return nil, nil
+	}
+	aadP := a.cacheProperties.AADProfile
+	adminGroupObjectIDs := []any{}
+	for _, gid := range aadP.AdminGroupObjectIDs {
+		if gid != nil {
+			adminGroupObjectIDs = append(adminGroupObjectIDs, *gid)
+		}
+	}
+	aadRes, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster.aadProfile",
+		map[string]*llx.RawData{
+			"id":                  llx.StringData(a.Id.Data + "/aadProfile"),
+			"managed":             llx.BoolDataPtr(aadP.Managed),
+			"enableAzureRBAC":     llx.BoolDataPtr(aadP.EnableAzureRBAC),
+			"adminGroupObjectIDs": llx.ArrayData(adminGroupObjectIDs, types.String),
+		})
+	if err != nil {
+		return nil, err
+	}
+	return aadRes.(*mqlAzureSubscriptionAksServiceClusterAadProfile), nil
+}
+
+func (a *mqlAzureSubscriptionAksServiceCluster) autoUpgradeProfile() (*mqlAzureSubscriptionAksServiceClusterAutoUpgradeProfile, error) {
+	if a.cacheProperties == nil || a.cacheProperties.AutoUpgradeProfile == nil {
+		a.AutoUpgradeProfile.State = plugin.StateIsSet | plugin.StateIsNull
+		return nil, nil
+	}
+	aup := a.cacheProperties.AutoUpgradeProfile
+	autoUpgradeRes, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster.autoUpgradeProfile",
+		map[string]*llx.RawData{
+			"id":                   llx.StringData(a.Id.Data + "/autoUpgradeProfile"),
+			"upgradeChannel":       llx.StringDataPtr((*string)(aup.UpgradeChannel)),
+			"nodeOSUpgradeChannel": llx.StringDataPtr((*string)(aup.NodeOSUpgradeChannel)),
+		})
+	if err != nil {
+		return nil, err
+	}
+	return autoUpgradeRes.(*mqlAzureSubscriptionAksServiceClusterAutoUpgradeProfile), nil
+}

providers/azure/resources/azure.lr

@@ -469,11 +469,11 @@ azure.subscription.networkService.virtualNetworkGateway @defaults("id name locat
   // VNet gateway VPN type
   vpnType string
   // VNet gateway IP configurations
-  ipConfigurations []azure.subscription.networkService.virtualNetworkGateway.ipConfig
+  ipConfigurations() []azure.subscription.networkService.virtualNetworkGateway.ipConfig
   // VNet gateway BGP settings
-  bgpSettings azure.subscription.networkService.bgpSettings
+  bgpSettings() azure.subscription.networkService.bgpSettings
   // VNet gateway NAT rules
-  natRules []azure.subscription.networkService.virtualNetworkGateway.natRule
+  natRules() []azure.subscription.networkService.virtualNetworkGateway.natRule
   // Applicable connections for the gateway
   connections() []azure.subscription.networkService.virtualNetworkGateway.connection
   // VPN client configuration (only set if P2S is configured for the gateway)
@@ -525,15 +525,15 @@ azure.subscription.networkService.firewall @defaults("id name location") {
   // Policy associated with this firewall
   policy() azure.subscription.networkService.firewallPolicy
   // List of IP configurations for the firewall
-  ipConfigurations []azure.subscription.networkService.firewall.ipConfig
+  ipConfigurations() []azure.subscription.networkService.firewall.ipConfig
   // The IP configuration used for management traffic
-  managementIpConfiguration azure.subscription.networkService.firewall.ipConfig
+  managementIpConfiguration() azure.subscription.networkService.firewall.ipConfig
   // List of network rules for the firewall
-  networkRules []azure.subscription.networkService.firewall.networkRule
+  networkRules() []azure.subscription.networkService.firewall.networkRule
   // List of NAT rules for the firewall
-  natRules []azure.subscription.networkService.firewall.natRule
+  natRules() []azure.subscription.networkService.firewall.natRule
   // List of application rules for the firewall
-  applicationRules []azure.subscription.networkService.firewall.applicationRule
+  applicationRules() []azure.subscription.networkService.firewall.applicationRule
 }
 
 // Azure network firewall IP configuration
@@ -815,19 +815,19 @@ azure.subscription.networkService.loadBalancer @defaults("id name location") {
   // Load Balancer SKU tier ("Global" or "Regional")
   skuTier string
   // List of Load Balancer probes
-  probes []azure.subscription.networkService.probe
+  probes() []azure.subscription.networkService.probe
   // List of Load Balancer backend address pools
-  backendPools []azure.subscription.networkService.backendAddressPool
+  backendPools() []azure.subscription.networkService.backendAddressPool
   // List of Load Balancer frontend IP configurations
-  frontendIpConfigs []azure.subscription.networkService.frontendIpConfig
+  frontendIpConfigs() []azure.subscription.networkService.frontendIpConfig
   // List of Load Balancer inbound NAT pools
-  inboundNatPools []azure.subscription.networkService.inboundNatPool
+  inboundNatPools() []azure.subscription.networkService.inboundNatPool
   // List of Load Balancer inbound NAT rules
-  inboundNatRules []azure.subscription.networkService.inboundNatRule
+  inboundNatRules() []azure.subscription.networkService.inboundNatRule
   // List of Load Balancer outbound rules
-  outboundRules []azure.subscription.networkService.outboundRule
+  outboundRules() []azure.subscription.networkService.outboundRule
   // List of Load Balancer rules
-  loadBalancerRules []azure.subscription.networkService.loadBalancerRule
+  loadBalancerRules() []azure.subscription.networkService.loadBalancerRule
 }
 
 // Azure network probe
@@ -1025,11 +1025,11 @@ private azure.subscription.networkService.securityGroup @defaults("id name locat
   // Security group properties
   properties dict
   // Security group interfaces
-  interfaces []azure.subscription.networkService.interface
+  interfaces() []azure.subscription.networkService.interface
   // Security group rules
-  securityRules []azure.subscription.networkService.securityrule
+  securityRules() []azure.subscription.networkService.securityrule
   // Security group default security rules
-  defaultSecurityRules []azure.subscription.networkService.securityrule
+  defaultSecurityRules() []azure.subscription.networkService.securityrule
 }
 
 // Azure network security rule
@@ -3330,7 +3330,7 @@ private azure.subscription.authorizationService.roleDefinition @defaults ("name
   // Scopes for which the role definition applies
   scopes []string
   // Permissions that are attached to the role definition
-  permissions []azure.subscription.authorizationService.roleDefinition.permission
+  permissions() []azure.subscription.authorizationService.roleDefinition.permission
 }
 
 // Azure role definition permission
@@ -3470,9 +3470,9 @@ azure.subscription.aksService.cluster @defaults("name location kubernetesVersion
   // Advanced networking configuration for the cluster
   advancedNetworking azure.subscription.aksService.cluster.advancedNetworking
   // Azure Active Directory configuration for the cluster
-  aadProfile azure.subscription.aksService.cluster.aadProfile
+  aadProfile() azure.subscription.aksService.cluster.aadProfile
   // Auto-upgrade configuration for the cluster
-  autoUpgradeProfile azure.subscription.aksService.cluster.autoUpgradeProfile
+  autoUpgradeProfile() azure.subscription.aksService.cluster.autoUpgradeProfile
 }
 
 // Azure Kubernetes Service cluster AAD profile
@@ -3682,7 +3682,7 @@ azure.subscription.cacheService.redisInstance @defaults("id hostName") {
   // Key Vault key used for customer-managed encryption (null if platform-managed)
   encryptionKey() azure.subscription.keyVaultService.key
   // Private endpoint connections for the Redis cache
-  privateEndpointConnections []azure.subscription.cacheService.redisInstance.privateEndpointConnection
+  privateEndpointConnections() []azure.subscription.cacheService.redisInstance.privateEndpointConnection
   // Firewall rules for the Redis cache
   firewallRules() []azure.subscription.cacheService.redisInstance.firewallRule
   // Patch schedules for the Redis cache