Create ITL.ControlPlane.Pulumi component package

**Ticket ID:** `CP-SDK-012`

## Create ITL.ControlPlane.Pulumi component package

### Background
Teams using Terraform or ARM today must learn the PolicyBuilder Python SDK before they can use ITL policies. A standalone Pulumi component package published as a pip package removes that barrier: teams install `itl-controlplane-pulumi` and use familiar Pulumi patterns in Python or TypeScript — without writing any SDK code themselves.

This is a thin orchestration layer. All policy logic stays in `ITL.ControlPlane.PolicyBuilder`. All resource provider logic stays in `ITL.ControlPlane.SDK`. This package only wires them together for Pulumi consumers.

### New repo
`ITlusions/ITL.ControlPlane.Pulumi`

### Package structure

```
ITL.ControlPlane.Pulumi/
├── sdk/
│   └── python/
│       └── itl_controlplane_pulumi/
│           ├── __init__.py
│           ├── landing_zone.py       <- ITLLandingZone component
│           ├── defender.py           <- DefenderInitiative component
│           ├── aks.py                <- AKSCluster component
│           └── helm_charts.py        <- HelmChartDistribution component
├── examples/
│   ├── azure/                        <- Azure-only examples
│   ├── itl/                          <- ITL ControlPlane-only examples
│   └── both/                         <- Dual-target examples
├── tests/
├── pyproject.toml
└── README.md
```

### Usage for teams

```python
import pulumi
from itl_controlplane_pulumi import ITLLandingZone, DefenderInitiative

# Full landing zone in one resource
landing_zone = ITLLandingZone("payments",
    subscription_id = "00000000-0000-0000-0000-000000000000",
    environment     = "production",
    owner           = "team@itlusions.com",
    budget          = 2000,
    azure_enabled   = True,
    itl_enabled     = True,
    aks_enabled     = True,
)

# Or individual components
defender = DefenderInitiative("defender",
    plans   = ["VirtualMachines", "Containers", "KeyVaults"],
    effect  = "DeployIfNotExists",
)
```

### Dependency chain

```
itl-controlplane-pulumi   <- this package (new)
    |
    +-> itl-policy-builder          (templates + DSL)
    +-> itl-controlplane-sdk        (resource provider patterns)
    +-> pulumi-azure-native         (Azure deployment)
```

### pyproject.toml

```toml
[project]
name = "itl-controlplane-pulumi"
version = "0.1.0"
dependencies = [
    "pulumi>=3.0.0",
    "pulumi-azure-native>=2.0.0",
    "itl-policy-builder>=1.0.0",
    "itl-controlplane-sdk>=1.0.0",
]
```

### Adoption path

```
Today:
  Team must learn Python SDK -> call PolicyBuilder directly

With this package:
  pip install itl-controlplane-pulumi
  -> Use familiar Pulumi patterns
  -> ITL compliance guaranteed
  -> No SDK knowledge required
```

### Acceptance Criteria
- [ ] Repo `ITlusions/ITL.ControlPlane.Pulumi` created with standard structure
- [ ] `ITLLandingZone` component instantiates without Azure credentials (dry-run mode)
- [ ] `DefenderInitiative` wraps PolicyBuilder defender templates — no logic duplication
- [ ] `AKSCluster` accepts `flux_repo` for itl-helm-charts integration
- [ ] Published to private PyPI (or GitHub Packages) as `itl-controlplane-pulumi`
- [ ] README includes quickstart and comparison with direct SDK usage

### Related
- CP-SDK-011 — Pulumi dual-target module in SDK (foundation for this package)
- ITL.ControlPlane.PolicyBuilder #9 — Pulumi serializer
- ITL.ControlPlane.SDK — dependency


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create ITL.ControlPlane.Pulumi component package #12