Server
data class ServerVulnerabilityAssessmentArgs(val recurringScans: Output<ServerVulnerabilityAssessmentRecurringScansArgs>? = null, val serverSecurityAlertPolicyId: Output<String>? = null, val storageAccountAccessKey: Output<String>? = null, val storageContainerPath: Output<String>? = null, val storageContainerSasKey: Output<String>? = null) : ConvertibleToJava<ServerVulnerabilityAssessmentArgs>
Manages the Vulnerability Assessment for an MS SQL Server.
Note: Vulnerability Assessment is currently only available for MS SQL databases. Note: This resource cannot be used to enable the Express SQL Vulnerability Assessment configuration, to enable the express configuration, use
express_vulnerability_assessment_enabledin theazure.mssql.Serverresource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleServer = new azure.mssql.Server("example", {
name: "mysqlserver",
resourceGroupName: example.name,
location: example.location,
version: "12.0",
administratorLogin: "4dm1n157r470r",
administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
const exampleAccount = new azure.storage.Account("example", {
name: "example",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "GRS",
});
const exampleContainer = new azure.storage.Container("example", {
name: "example",
storageAccountName: exampleAccount.name,
containerAccessType: "private",
});
const exampleServerSecurityAlertPolicy = new azure.mssql.ServerSecurityAlertPolicy("example", {
resourceGroupName: example.name,
serverName: exampleServer.name,
state: "Enabled",
});
const exampleServerVulnerabilityAssessment = new azure.mssql.ServerVulnerabilityAssessment("example", {
serverSecurityAlertPolicyId: exampleServerSecurityAlertPolicy.id,
storageContainerPath: pulumi.interpolate`${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/`,
storageAccountAccessKey: exampleAccount.primaryAccessKey,
recurringScans: {
enabled: true,
emailSubscriptionAdmins: true,
emails: [
"email@example1.com",
"email@example2.com",
],
},
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_server = azure.mssql.Server("example",
name="mysqlserver",
resource_group_name=example.name,
location=example.location,
version="12.0",
administrator_login="4dm1n157r470r",
administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_account = azure.storage.Account("example",
name="example",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="GRS")
example_container = azure.storage.Container("example",
name="example",
storage_account_name=example_account.name,
container_access_type="private")
example_server_security_alert_policy = azure.mssql.ServerSecurityAlertPolicy("example",
resource_group_name=example.name,
server_name=example_server.name,
state="Enabled")
example_server_vulnerability_assessment = azure.mssql.ServerVulnerabilityAssessment("example",
server_security_alert_policy_id=example_server_security_alert_policy.id,
storage_container_path=pulumi.Output.all(
primary_blob_endpoint=example_account.primary_blob_endpoint,
name=example_container.name
).apply(lambda resolved_outputs: f"{resolved_outputs['primary_blob_endpoint']}{resolved_outputs['name']}/")
,
storage_account_access_key=example_account.primary_access_key,
recurring_scans={
"enabled": True,
"email_subscription_admins": True,
"emails": [
"email@example1.com",
"email@example2.com",
],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "mysqlserver",
ResourceGroupName = example.Name,
Location = example.Location,
Version = "12.0",
AdministratorLogin = "4dm1n157r470r",
AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "example",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "GRS",
});
var exampleContainer = new Azure.Storage.Container("example", new()
{
Name = "example",
StorageAccountName = exampleAccount.Name,
ContainerAccessType = "private",
});
var exampleServerSecurityAlertPolicy = new Azure.MSSql.ServerSecurityAlertPolicy("example", new()
{
ResourceGroupName = example.Name,
ServerName = exampleServer.Name,
State = "Enabled",
});
var exampleServerVulnerabilityAssessment = new Azure.MSSql.ServerVulnerabilityAssessment("example", new()
{
ServerSecurityAlertPolicyId = exampleServerSecurityAlertPolicy.Id,
StorageContainerPath = Output.Tuple(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).Apply(values =>
{
var primaryBlobEndpoint = values.Item1;
var name = values.Item2;
return $"{primaryBlobEndpoint}{name}/";
}),
StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
RecurringScans = new Azure.MSSql.Inputs.ServerVulnerabilityAssessmentRecurringScansArgs
{
Enabled = true,
EmailSubscriptionAdmins = true,
Emails = new[]
{
"email@example1.com",
"email@example2.com",
},
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("mysqlserver"),
ResourceGroupName: example.Name,
Location: example.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("4dm1n157r470r"),
AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("example"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("GRS"),
})
if err != nil {
return err
}
exampleContainer, err := storage.NewContainer(ctx, "example", &storage.ContainerArgs{
Name: pulumi.String("example"),
StorageAccountName: exampleAccount.Name,
ContainerAccessType: pulumi.String("private"),
})
if err != nil {
return err
}
exampleServerSecurityAlertPolicy, err := mssql.NewServerSecurityAlertPolicy(ctx, "example", &mssql.ServerSecurityAlertPolicyArgs{
ResourceGroupName: example.Name,
ServerName: exampleServer.Name,
State: pulumi.String("Enabled"),
})
if err != nil {
return err
}
_, err = mssql.NewServerVulnerabilityAssessment(ctx, "example", &mssql.ServerVulnerabilityAssessmentArgs{
ServerSecurityAlertPolicyId: exampleServerSecurityAlertPolicy.ID(),
StorageContainerPath: pulumi.All(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).ApplyT(func(_args []interface{}) (string, error) {
primaryBlobEndpoint := _args[0].(string)
name := _args[1].(string)
return fmt.Sprintf("%v%v/", primaryBlobEndpoint, name), nil
}).(pulumi.StringOutput),
StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
RecurringScans: &mssql.ServerVulnerabilityAssessmentRecurringScansArgs{
Enabled: pulumi.Bool(true),
EmailSubscriptionAdmins: pulumi.Bool(true),
Emails: pulumi.StringArray{
pulumi.String("email@example1.com"),
pulumi.String("email@example2.com"),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.mssql.ServerSecurityAlertPolicy;
import com.pulumi.azure.mssql.ServerSecurityAlertPolicyArgs;
import com.pulumi.azure.mssql.ServerVulnerabilityAssessment;
import com.pulumi.azure.mssql.ServerVulnerabilityAssessmentArgs;
import com.pulumi.azure.mssql.inputs.ServerVulnerabilityAssessmentRecurringScansArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("mysqlserver")
.resourceGroupName(example.name())
.location(example.location())
.version("12.0")
.administratorLogin("4dm1n157r470r")
.administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("example")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("GRS")
.build());
var exampleContainer = new Container("exampleContainer", ContainerArgs.builder()
.name("example")
.storageAccountName(exampleAccount.name())
.containerAccessType("private")
.build());
var exampleServerSecurityAlertPolicy = new ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy", ServerSecurityAlertPolicyArgs.builder()
.resourceGroupName(example.name())
.serverName(exampleServer.name())
.state("Enabled")
.build());
var exampleServerVulnerabilityAssessment = new ServerVulnerabilityAssessment("exampleServerVulnerabilityAssessment", ServerVulnerabilityAssessmentArgs.builder()
.serverSecurityAlertPolicyId(exampleServerSecurityAlertPolicy.id())
.storageContainerPath(Output.tuple(exampleAccount.primaryBlobEndpoint(), exampleContainer.name()).applyValue(values -> {
var primaryBlobEndpoint = values.t1;
var name = values.t2;
return String.format("%s%s/", primaryBlobEndpoint,name);
}))
.storageAccountAccessKey(exampleAccount.primaryAccessKey())
.recurringScans(ServerVulnerabilityAssessmentRecurringScansArgs.builder()
.enabled(true)
.emailSubscriptionAdmins(true)
.emails(
"email@example1.com",
"email@example2.com")
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: mysqlserver
resourceGroupName: ${example.name}
location: ${example.location}
version: '12.0'
administratorLogin: 4dm1n157r470r
administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: GRS
exampleContainer:
type: azure:storage:Container
name: example
properties:
name: example
storageAccountName: ${exampleAccount.name}
containerAccessType: private
exampleServerSecurityAlertPolicy:
type: azure:mssql:ServerSecurityAlertPolicy
name: example
properties:
resourceGroupName: ${example.name}
serverName: ${exampleServer.name}
state: Enabled
exampleServerVulnerabilityAssessment:
type: azure:mssql:ServerVulnerabilityAssessment
name: example
properties:
serverSecurityAlertPolicyId: ${exampleServerSecurityAlertPolicy.id}
storageContainerPath: ${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
recurringScans:
enabled: true
emailSubscriptionAdmins: true
emails:
- email@example1.com
- email@example2.comContent copied to clipboard
API Providers
This resource uses the following Azure API Providers:
Microsoft.Sql: 2023-08-01-preview
Import
MS SQL Server Vulnerability Assessment can be imported using the resource id, e.g.
$ pulumi import azure:mssql/serverVulnerabilityAssessment:ServerVulnerabilityAssessment example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/servers/mssqlserver/vulnerabilityAssessments/DefaultContent copied to clipboard
Constructors
Link copied to clipboard
constructor(recurringScans: Output<ServerVulnerabilityAssessmentRecurringScansArgs>? = null, serverSecurityAlertPolicyId: Output<String>? = null, storageAccountAccessKey: Output<String>? = null, storageContainerPath: Output<String>? = null, storageContainerSasKey: Output<String>? = null)
Properties
Link copied to clipboard
The recurring scans settings. The recurring_scans block supports fields documented below.
Link copied to clipboard
The id of the security alert policy of the MS SQL Server. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn't specified, storage_account_access_key is required.
Link copied to clipboard
A blob storage container path to hold the scan results (e.g. https://example.blob.core.windows.net/VaScans/).
Link copied to clipboard
A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path parameter. If storage_account_access_key isn't specified, storage_container_sas_key is required.