pulumi-azure-kotlin/com.pulumi.azure.synapse.kotlin/WorkspaceKey

WorkspaceKey

class WorkspaceKey : KotlinCustomResource

Manages Synapse Workspace keys

Note: Keys that are actively protecting a workspace cannot be deleted. When the keys resource is deleted, if the key is inactive it will be deleted, if it is active it will not be deleted.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceCustomerManagedKeyArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.synapse.WorkspaceKey;
import com.pulumi.azure.synapse.WorkspaceKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .accountKind("StorageV2")
            .isHnsEnabled("true")
            .build());
        var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
            .storageAccountId(exampleAccount.id())
            .build());
        final var current = CoreFunctions.getClientConfig();
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("standard")
            .purgeProtectionEnabled(true)
            .build());
        var deployer = new AccessPolicy("deployer", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .keyPermissions(
                "Create",
                "Get",
                "Delete",
                "Purge",
                "GetRotationPolicy")
            .build());
        var exampleKey = new Key("exampleKey", KeyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(
                "unwrapKey",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(deployer)
                .build());
        var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
            .sqlAdministratorLogin("sqladminuser")
            .sqlAdministratorLoginPassword("H@Sh1CoR3!")
            .customerManagedKey(WorkspaceCustomerManagedKeyArgs.builder()
                .keyVersionlessId(exampleKey.versionlessId())
                .keyName("enckey")
                .build())
            .identity(WorkspaceIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .tags(Map.of("Env", "production"))
            .build());
        var workspacePolicy = new AccessPolicy("workspacePolicy", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(exampleWorkspace.identity().applyValue(identity -> identity.tenantId()))
            .objectId(exampleWorkspace.identity().applyValue(identity -> identity.principalId()))
            .keyPermissions(
                "Get",
                "WrapKey",
                "UnwrapKey")
            .build());
        var exampleWorkspaceKey = new WorkspaceKey("exampleWorkspaceKey", WorkspaceKeyArgs.builder()
            .customerManagedKeyVersionlessId(exampleKey.versionlessId())
            .synapseWorkspaceId(exampleWorkspace.id())
            .active(true)
            .customerManagedKeyName("enckey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(workspacePolicy)
                .build());
    }
}
Content copied to clipboard

Import

Synapse Workspace Keys can be imported using the resource id, e.g.

$ pulumi import azure:synapse/workspaceKey:WorkspaceKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/keys/key1
Content copied to clipboard

Properties

Link copied to clipboard
val active: Output<Boolean>

Specifies if the workspace should be encrypted with this key.

Link copied to clipboard
val customerManagedKeyName: Output<String>

Specifies the name of the workspace key. Should match the name of the key in the synapse workspace.

Link copied to clipboard
val customerManagedKeyVersionlessId: Output<String>?

The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val synapseWorkspaceId: Output<String>

The ID of the Synapse Workspace where the encryption key should be configured.

Link copied to clipboard
val urn: Output<String>