pulumi-azure-kotlin/com.pulumi.azure.synapse.kotlin/Workspace

Workspace

class Workspace : KotlinCustomResource

Manages a Synapse Workspace.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceAadAdminArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .accountKind("StorageV2")
            .isHnsEnabled("true")
            .build());
        var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
            .storageAccountId(exampleAccount.id())
            .build());
        var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
            .sqlAdministratorLogin("sqladminuser")
            .sqlAdministratorLoginPassword("H@Sh1CoR3!")
            .aadAdmin(WorkspaceAadAdminArgs.builder()
                .login("AzureAD Admin")
                .objectId("00000000-0000-0000-0000-000000000000")
                .tenantId("00000000-0000-0000-0000-000000000000")
                .build())
            .identity(WorkspaceIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .tags(Map.of("Env", "production"))
            .build());
    }
}

Creating A Workspace With Customer Managed Key And Azure AD Admin

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceCustomerManagedKeyArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.synapse.WorkspaceKey;
import com.pulumi.azure.synapse.WorkspaceKeyArgs;
import com.pulumi.azure.synapse.WorkspaceAadAdmin;
import com.pulumi.azure.synapse.WorkspaceAadAdminArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .accountKind("StorageV2")
            .isHnsEnabled("true")
            .build());
        var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
            .storageAccountId(exampleAccount.id())
            .build());
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("standard")
            .purgeProtectionEnabled(true)
            .build());
        var deployer = new AccessPolicy("deployer", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .keyPermissions(
                "Create",
                "Get",
                "Delete",
                "Purge",
                "GetRotationPolicy")
            .build());
        var exampleKey = new Key("exampleKey", KeyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(
                "unwrapKey",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(deployer)
                .build());
        var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
            .sqlAdministratorLogin("sqladminuser")
            .sqlAdministratorLoginPassword("H@Sh1CoR3!")
            .customerManagedKey(WorkspaceCustomerManagedKeyArgs.builder()
                .keyVersionlessId(exampleKey.versionlessId())
                .keyName("enckey")
                .build())
            .identity(WorkspaceIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .tags(Map.of("Env", "production"))
            .build());
        var workspacePolicy = new AccessPolicy("workspacePolicy", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(exampleWorkspace.identity().applyValue(identity -> identity.tenantId()))
            .objectId(exampleWorkspace.identity().applyValue(identity -> identity.principalId()))
            .keyPermissions(
                "Get",
                "WrapKey",
                "UnwrapKey")
            .build());
        var exampleWorkspaceKey = new WorkspaceKey("exampleWorkspaceKey", WorkspaceKeyArgs.builder()
            .customerManagedKeyVersionlessId(exampleKey.versionlessId())
            .synapseWorkspaceId(exampleWorkspace.id())
            .active(true)
            .customerManagedKeyName("enckey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(workspacePolicy)
                .build());
        var exampleWorkspaceAadAdmin = new WorkspaceAadAdmin("exampleWorkspaceAadAdmin", WorkspaceAadAdminArgs.builder()
            .synapseWorkspaceId(exampleWorkspace.id())
            .login("AzureAD Admin")
            .objectId("00000000-0000-0000-0000-000000000000")
            .tenantId("00000000-0000-0000-0000-000000000000")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleWorkspaceKey)
                .build());
    }
}

Import

Synapse Workspace can be imported using the resource id, e.g.

$ pulumi import azure:synapse/workspace:Workspace example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1

Properties

aadAdmin

val aadAdmin: Output<WorkspaceAadAdmin>

An aad_admin block as defined below. Conflicts with customer_managed_key.

azureDevopsRepo

val azureDevopsRepo: Output<WorkspaceAzureDevopsRepo>?

An azure_devops_repo block as defined below.

computeSubnetId

val computeSubnetId: Output<String>?

Subnet ID used for computes in workspace Changing this forces a new resource to be created.

connectivityEndpoints

val connectivityEndpoints: Output<Map<String, String>>

A list of Connectivity endpoints for this Synapse Workspace.

customerManagedKey

val customerManagedKey: Output<WorkspaceCustomerManagedKey>?

A customer_managed_key block as defined below. Conflicts with aad_admin.

dataExfiltrationProtectionEnabled

val dataExfiltrationProtectionEnabled: Output<Boolean>?

Is data exfiltration protection enabled in this workspace? If set to true, managed_virtual_network_enabled must also be set to true. Changing this forces a new resource to be created.

githubRepo

val githubRepo: Output<WorkspaceGithubRepo>?

A github_repo block as defined below.

val id: Output<String>

identity

val identity: Output<WorkspaceIdentity>?

An identity block as defined below.

linkingAllowedForAadTenantIds

val linkingAllowedForAadTenantIds: Output<List<String>>?

Allowed AAD Tenant Ids For Linking.

location

val location: Output<String>

Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.

managedResourceGroupName

val managedResourceGroupName: Output<String>

Workspace managed resource group. Changing this forces a new resource to be created.

managedVirtualNetworkEnabled

val managedVirtualNetworkEnabled: Output<Boolean>?

Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.

name

val name: Output<String>

Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.

publicNetworkAccessEnabled

val publicNetworkAccessEnabled: Output<Boolean>?

Whether public network access is allowed for the Cognitive Account. Defaults to true.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

purviewId

val purviewId: Output<String>?

The ID of purview account.

resourceGroupName

val resourceGroupName: Output<String>

Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.

sqlAadAdmin

val sqlAadAdmin: Output<WorkspaceSqlAadAdmin>

An sql_aad_admin block as defined below.

sqlAdministratorLogin

val sqlAdministratorLogin: Output<String>?

Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided aad_admin or customer_managed_key must be provided.

sqlAdministratorLoginPassword

val sqlAdministratorLoginPassword: Output<String>?

The Password associated with the sql_administrator_login for the SQL administrator. If this is not provided aad_admin or customer_managed_key must be provided.

sqlIdentityControlEnabled

val sqlIdentityControlEnabled: Output<Boolean>?

Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?

storageDataLakeGen2FilesystemId

val storageDataLakeGen2FilesystemId: Output<String>

Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.