pulumi-azure-kotlin/com.pulumi.azure.synapse.kotlin/WorkspaceVulnerabilityAssessment

WorkspaceVulnerabilityAssessment

class WorkspaceVulnerabilityAssessment : KotlinCustomResource

Manages the Vulnerability Assessment for a Synapse Workspace.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceAadAdminArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.synapse.WorkspaceSecurityAlertPolicy;
import com.pulumi.azure.synapse.WorkspaceSecurityAlertPolicyArgs;
import com.pulumi.azure.synapse.WorkspaceVulnerabilityAssessment;
import com.pulumi.azure.synapse.WorkspaceVulnerabilityAssessmentArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceVulnerabilityAssessmentRecurringScansArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .accountKind("StorageV2")
            .isHnsEnabled("true")
            .build());
        var exampleContainer = new Container("exampleContainer", ContainerArgs.builder()
            .storageAccountName(exampleAccount.name())
            .build());
        var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
            .storageAccountId(exampleAccount.id())
            .build());
        var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
            .sqlAdministratorLogin("sqladminuser")
            .sqlAdministratorLoginPassword("H@Sh1CoR3!")
            .aadAdmin(WorkspaceAadAdminArgs.builder()
                .login("AzureAD Admin")
                .objectId("00000000-0000-0000-0000-000000000000")
                .tenantId("00000000-0000-0000-0000-000000000000")
                .build())
            .identity(WorkspaceIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .tags(Map.of("Env", "production"))
            .build());
        var auditLogs = new Account("auditLogs", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());
        var exampleWorkspaceSecurityAlertPolicy = new WorkspaceSecurityAlertPolicy("exampleWorkspaceSecurityAlertPolicy", WorkspaceSecurityAlertPolicyArgs.builder()
            .synapseWorkspaceId(exampleWorkspace.id())
            .policyState("Enabled")
            .storageEndpoint(auditLogs.primaryBlobEndpoint())
            .storageAccountAccessKey(auditLogs.primaryAccessKey())
            .disabledAlerts(
                "Sql_Injection",
                "Data_Exfiltration")
            .retentionDays(20)
            .build());
        var exampleWorkspaceVulnerabilityAssessment = new WorkspaceVulnerabilityAssessment("exampleWorkspaceVulnerabilityAssessment", WorkspaceVulnerabilityAssessmentArgs.builder()
            .workspaceSecurityAlertPolicyId(exampleWorkspaceSecurityAlertPolicy.id())
            .storageContainerPath(Output.tuple(exampleAccount.primaryBlobEndpoint(), exampleContainer.name()).applyValue(values -> {
                var primaryBlobEndpoint = values.t1;
                var name = values.t2;
                return String.format("%s%s/", primaryBlobEndpoint,name);
            }))
            .storageAccountAccessKey(exampleAccount.primaryAccessKey())
            .recurringScans(WorkspaceVulnerabilityAssessmentRecurringScansArgs.builder()
                .enabled(true)
                .emailSubscriptionAdminsEnabled(true)
                .emails(
                    "email@example1.com",
                    "email@example2.com")
                .build())
            .build());
    }
}
Content copied to clipboard

Import

Synapse Workspace Vulnerability Assessment can be imported using the resource id, e.g.

$ pulumi import azure:synapse/workspaceVulnerabilityAssessment:WorkspaceVulnerabilityAssessment example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/vulnerabilityAssessments/default
Content copied to clipboard

Properties

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val recurringScans: Output<WorkspaceVulnerabilityAssessmentRecurringScans>

The recurring scans settings. The recurring_scans block supports fields documented below.

Link copied to clipboard
val storageAccountAccessKey: Output<String>?

Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn't specified, storage_account_access_key is required.

Link copied to clipboard
val storageContainerPath: Output<String>

A blob storage container path to hold the scan results (e.g. https://example.blob.core.windows.net/VaScans/).

Link copied to clipboard
val storageContainerSasKey: Output<String>?

A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path parameter. If storage_account_access_key isn't specified, storage_container_sas_key is required.

Link copied to clipboard
val urn: Output<String>
Link copied to clipboard
val workspaceSecurityAlertPolicyId: Output<String>

The ID of the security alert policy of the Synapse Workspace. Changing this forces a new resource to be created.