Database
Manages a Database Vulnerability Assessment Rule Baseline.
Note: Database Vulnerability Assessment is currently only available for MS SQL databases.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleServer = new azure.mssql.Server("example", {
name: "mysqlserver",
resourceGroupName: example.name,
location: example.location,
version: "12.0",
administratorLogin: "4dm1n157r470r",
administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
const exampleAccount = new azure.storage.Account("example", {
name: "accteststorageaccount",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "GRS",
});
const exampleContainer = new azure.storage.Container("example", {
name: "accteststoragecontainer",
storageAccountName: exampleAccount.name,
containerAccessType: "private",
});
const exampleServerSecurityAlertPolicy = new azure.mssql.ServerSecurityAlertPolicy("example", {
resourceGroupName: example.name,
serverName: exampleServer.name,
state: "Enabled",
});
const exampleDatabase = new azure.mssql.Database("example", {
name: "mysqldatabase",
serverId: test.id,
});
const exampleServerVulnerabilityAssessment = new azure.mssql.ServerVulnerabilityAssessment("example", {
serverSecurityAlertPolicyId: exampleServerSecurityAlertPolicy.id,
storageContainerPath: pulumi.interpolate`${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/`,
storageAccountAccessKey: exampleAccount.primaryAccessKey,
});
const exampleDatabaseVulnerabilityAssessmentRuleBaseline = new azure.mssql.DatabaseVulnerabilityAssessmentRuleBaseline("example", {
serverVulnerabilityAssessmentId: exampleServerVulnerabilityAssessment.id,
databaseName: exampleDatabase.name,
ruleId: "VA2065",
baselineName: "master",
baselineResults: [
{
results: [
"allowedip1",
"123.123.123.123",
"123.123.123.123",
],
},
{
results: [
"allowedip2",
"255.255.255.255",
"255.255.255.255",
],
},
],
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_server = azure.mssql.Server("example",
name="mysqlserver",
resource_group_name=example.name,
location=example.location,
version="12.0",
administrator_login="4dm1n157r470r",
administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_account = azure.storage.Account("example",
name="accteststorageaccount",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="GRS")
example_container = azure.storage.Container("example",
name="accteststoragecontainer",
storage_account_name=example_account.name,
container_access_type="private")
example_server_security_alert_policy = azure.mssql.ServerSecurityAlertPolicy("example",
resource_group_name=example.name,
server_name=example_server.name,
state="Enabled")
example_database = azure.mssql.Database("example",
name="mysqldatabase",
server_id=test["id"])
example_server_vulnerability_assessment = azure.mssql.ServerVulnerabilityAssessment("example",
server_security_alert_policy_id=example_server_security_alert_policy.id,
storage_container_path=pulumi.Output.all(
primary_blob_endpoint=example_account.primary_blob_endpoint,
name=example_container.name
).apply(lambda resolved_outputs: f"{resolved_outputs['primary_blob_endpoint']}{resolved_outputs['name']}/")
,
storage_account_access_key=example_account.primary_access_key)
example_database_vulnerability_assessment_rule_baseline = azure.mssql.DatabaseVulnerabilityAssessmentRuleBaseline("example",
server_vulnerability_assessment_id=example_server_vulnerability_assessment.id,
database_name=example_database.name,
rule_id="VA2065",
baseline_name="master",
baseline_results=[
{
"results": [
"allowedip1",
"123.123.123.123",
"123.123.123.123",
],
},
{
"results": [
"allowedip2",
"255.255.255.255",
"255.255.255.255",
],
},
])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "mysqlserver",
ResourceGroupName = example.Name,
Location = example.Location,
Version = "12.0",
AdministratorLogin = "4dm1n157r470r",
AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "accteststorageaccount",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "GRS",
});
var exampleContainer = new Azure.Storage.Container("example", new()
{
Name = "accteststoragecontainer",
StorageAccountName = exampleAccount.Name,
ContainerAccessType = "private",
});
var exampleServerSecurityAlertPolicy = new Azure.MSSql.ServerSecurityAlertPolicy("example", new()
{
ResourceGroupName = example.Name,
ServerName = exampleServer.Name,
State = "Enabled",
});
var exampleDatabase = new Azure.MSSql.Database("example", new()
{
Name = "mysqldatabase",
ServerId = test.Id,
});
var exampleServerVulnerabilityAssessment = new Azure.MSSql.ServerVulnerabilityAssessment("example", new()
{
ServerSecurityAlertPolicyId = exampleServerSecurityAlertPolicy.Id,
StorageContainerPath = Output.Tuple(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).Apply(values =>
{
var primaryBlobEndpoint = values.Item1;
var name = values.Item2;
return $"{primaryBlobEndpoint}{name}/";
}),
StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
});
var exampleDatabaseVulnerabilityAssessmentRuleBaseline = new Azure.MSSql.DatabaseVulnerabilityAssessmentRuleBaseline("example", new()
{
ServerVulnerabilityAssessmentId = exampleServerVulnerabilityAssessment.Id,
DatabaseName = exampleDatabase.Name,
RuleId = "VA2065",
BaselineName = "master",
BaselineResults = new[]
{
new Azure.MSSql.Inputs.DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArgs
{
Results = new[]
{
"allowedip1",
"123.123.123.123",
"123.123.123.123",
},
},
new Azure.MSSql.Inputs.DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArgs
{
Results = new[]
{
"allowedip2",
"255.255.255.255",
"255.255.255.255",
},
},
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("mysqlserver"),
ResourceGroupName: example.Name,
Location: example.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("4dm1n157r470r"),
AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("accteststorageaccount"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("GRS"),
})
if err != nil {
return err
}
exampleContainer, err := storage.NewContainer(ctx, "example", &storage.ContainerArgs{
Name: pulumi.String("accteststoragecontainer"),
StorageAccountName: exampleAccount.Name,
ContainerAccessType: pulumi.String("private"),
})
if err != nil {
return err
}
exampleServerSecurityAlertPolicy, err := mssql.NewServerSecurityAlertPolicy(ctx, "example", &mssql.ServerSecurityAlertPolicyArgs{
ResourceGroupName: example.Name,
ServerName: exampleServer.Name,
State: pulumi.String("Enabled"),
})
if err != nil {
return err
}
exampleDatabase, err := mssql.NewDatabase(ctx, "example", &mssql.DatabaseArgs{
Name: pulumi.String("mysqldatabase"),
ServerId: pulumi.Any(test.Id),
})
if err != nil {
return err
}
exampleServerVulnerabilityAssessment, err := mssql.NewServerVulnerabilityAssessment(ctx, "example", &mssql.ServerVulnerabilityAssessmentArgs{
ServerSecurityAlertPolicyId: exampleServerSecurityAlertPolicy.ID(),
StorageContainerPath: pulumi.All(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).ApplyT(func(_args []interface{}) (string, error) {
primaryBlobEndpoint := _args[0].(string)
name := _args[1].(string)
return fmt.Sprintf("%v%v/", primaryBlobEndpoint, name), nil
}).(pulumi.StringOutput),
StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
})
if err != nil {
return err
}
_, err = mssql.NewDatabaseVulnerabilityAssessmentRuleBaseline(ctx, "example", &mssql.DatabaseVulnerabilityAssessmentRuleBaselineArgs{
ServerVulnerabilityAssessmentId: exampleServerVulnerabilityAssessment.ID(),
DatabaseName: exampleDatabase.Name,
RuleId: pulumi.String("VA2065"),
BaselineName: pulumi.String("master"),
BaselineResults: mssql.DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArray{
&mssql.DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArgs{
Results: pulumi.StringArray{
pulumi.String("allowedip1"),
pulumi.String("123.123.123.123"),
pulumi.String("123.123.123.123"),
},
},
&mssql.DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArgs{
Results: pulumi.StringArray{
pulumi.String("allowedip2"),
pulumi.String("255.255.255.255"),
pulumi.String("255.255.255.255"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.mssql.ServerSecurityAlertPolicy;
import com.pulumi.azure.mssql.ServerSecurityAlertPolicyArgs;
import com.pulumi.azure.mssql.Database;
import com.pulumi.azure.mssql.DatabaseArgs;
import com.pulumi.azure.mssql.ServerVulnerabilityAssessment;
import com.pulumi.azure.mssql.ServerVulnerabilityAssessmentArgs;
import com.pulumi.azure.mssql.DatabaseVulnerabilityAssessmentRuleBaseline;
import com.pulumi.azure.mssql.DatabaseVulnerabilityAssessmentRuleBaselineArgs;
import com.pulumi.azure.mssql.inputs.DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("mysqlserver")
.resourceGroupName(example.name())
.location(example.location())
.version("12.0")
.administratorLogin("4dm1n157r470r")
.administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("accteststorageaccount")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("GRS")
.build());
var exampleContainer = new Container("exampleContainer", ContainerArgs.builder()
.name("accteststoragecontainer")
.storageAccountName(exampleAccount.name())
.containerAccessType("private")
.build());
var exampleServerSecurityAlertPolicy = new ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy", ServerSecurityAlertPolicyArgs.builder()
.resourceGroupName(example.name())
.serverName(exampleServer.name())
.state("Enabled")
.build());
var exampleDatabase = new Database("exampleDatabase", DatabaseArgs.builder()
.name("mysqldatabase")
.serverId(test.id())
.build());
var exampleServerVulnerabilityAssessment = new ServerVulnerabilityAssessment("exampleServerVulnerabilityAssessment", ServerVulnerabilityAssessmentArgs.builder()
.serverSecurityAlertPolicyId(exampleServerSecurityAlertPolicy.id())
.storageContainerPath(Output.tuple(exampleAccount.primaryBlobEndpoint(), exampleContainer.name()).applyValue(values -> {
var primaryBlobEndpoint = values.t1;
var name = values.t2;
return String.format("%s%s/", primaryBlobEndpoint,name);
}))
.storageAccountAccessKey(exampleAccount.primaryAccessKey())
.build());
var exampleDatabaseVulnerabilityAssessmentRuleBaseline = new DatabaseVulnerabilityAssessmentRuleBaseline("exampleDatabaseVulnerabilityAssessmentRuleBaseline", DatabaseVulnerabilityAssessmentRuleBaselineArgs.builder()
.serverVulnerabilityAssessmentId(exampleServerVulnerabilityAssessment.id())
.databaseName(exampleDatabase.name())
.ruleId("VA2065")
.baselineName("master")
.baselineResults(
DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArgs.builder()
.results(
"allowedip1",
"123.123.123.123",
"123.123.123.123")
.build(),
DatabaseVulnerabilityAssessmentRuleBaselineBaselineResultArgs.builder()
.results(
"allowedip2",
"255.255.255.255",
"255.255.255.255")
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: mysqlserver
resourceGroupName: ${example.name}
location: ${example.location}
version: '12.0'
administratorLogin: 4dm1n157r470r
administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: accteststorageaccount
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: GRS
exampleContainer:
type: azure:storage:Container
name: example
properties:
name: accteststoragecontainer
storageAccountName: ${exampleAccount.name}
containerAccessType: private
exampleServerSecurityAlertPolicy:
type: azure:mssql:ServerSecurityAlertPolicy
name: example
properties:
resourceGroupName: ${example.name}
serverName: ${exampleServer.name}
state: Enabled
exampleDatabase:
type: azure:mssql:Database
name: example
properties:
name: mysqldatabase
serverId: ${test.id}
exampleServerVulnerabilityAssessment:
type: azure:mssql:ServerVulnerabilityAssessment
name: example
properties:
serverSecurityAlertPolicyId: ${exampleServerSecurityAlertPolicy.id}
storageContainerPath: ${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
exampleDatabaseVulnerabilityAssessmentRuleBaseline:
type: azure:mssql:DatabaseVulnerabilityAssessmentRuleBaseline
name: example
properties:
serverVulnerabilityAssessmentId: ${exampleServerVulnerabilityAssessment.id}
databaseName: ${exampleDatabase.name}
ruleId: VA2065
baselineName: master
baselineResults:
- results:
- allowedip1
- 123.123.123.123
- 123.123.123.123
- results:
- allowedip2
- 255.255.255.255
- 255.255.255.255Content copied to clipboard
API Providers
This resource uses the following Azure API Providers:
Microsoft.Sql: 2023-08-01-preview
Import
Database Vulnerability Assessment Rule Baseline can be imported using the resource id, e.g.
$ pulumi import azure:mssql/databaseVulnerabilityAssessmentRuleBaseline:DatabaseVulnerabilityAssessmentRuleBaseline example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/servers/mssqlserver/databases/mysqldatabase/vulnerabilityAssessments/Default/rules/VA2065/baselines/masterContent copied to clipboard
Properties
Link copied to clipboard
The name of the vulnerability assessment rule baseline. Valid options are default and master. default implies a baseline on a database level rule and master for server level rule. Defaults to default. Changing this forces a new resource to be created.
Link copied to clipboard
A baseline_result block as documented below. Multiple blocks can be defined.
Link copied to clipboard
Specifies the name of the MS SQL Database. Changing this forces a new resource to be created.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created.