Sql
data class SqlPoolVulnerabilityAssessmentBaselineArgs(val baselines: Output<List<SqlPoolVulnerabilityAssessmentBaselineBaselineArgs>>? = null, val name: Output<String>? = null, val ruleName: Output<String>? = null, val sqlPoolVulnerabilityAssessmentId: Output<String>? = null) : ConvertibleToJava<SqlPoolVulnerabilityAssessmentBaselineArgs>
Manages a Synapse SQL Pool Vulnerability Assessment Rule Baseline.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example",
location: "west europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "example",
resourceGroupName: example.name,
location: example.location,
accountKind: "BlobStorage",
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", {
name: "example",
storageAccountId: exampleAccount.id,
});
const exampleWorkspace = new azure.synapse.Workspace("example", {
name: "example",
resourceGroupName: example.name,
location: example.location,
storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id,
sqlAdministratorLogin: "sqladminuser",
sqlAdministratorLoginPassword: "H@Sh1CoR3!",
identity: {
type: "SystemAssigned",
},
});
const exampleSqlPool = new azure.synapse.SqlPool("example", {
name: "example",
synapseWorkspaceId: exampleWorkspace.id,
skuName: "DW100c",
createMode: "Default",
});
const exampleContainer = new azure.storage.Container("example", {
name: "example",
storageAccountName: exampleAccount.name,
containerAccessType: "private",
});
const exampleSqlPoolSecurityAlertPolicy = new azure.synapse.SqlPoolSecurityAlertPolicy("example", {
sqlPoolId: exampleSqlPool.id,
policyState: "Enabled",
storageEndpoint: exampleAccount.primaryBlobEndpoint,
storageAccountAccessKey: exampleAccount.primaryAccessKey,
});
const exampleSqlPoolVulnerabilityAssessment = new azure.synapse.SqlPoolVulnerabilityAssessment("example", {
sqlPoolSecurityAlertPolicyId: exampleSqlPoolSecurityAlertPolicy.id,
storageContainerPath: pulumi.interpolate`${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/`,
storageAccountAccessKey: exampleAccount.primaryAccessKey,
});
const exampleSqlPoolVulnerabilityAssessmentBaseline = new azure.synapse.SqlPoolVulnerabilityAssessmentBaseline("example", {
name: "default",
ruleName: "VA1017",
sqlPoolVulnerabilityAssessmentId: exampleSqlPoolVulnerabilityAssessment.id,
baselines: [
{
results: [
"userA",
"SELECT",
],
},
{
results: [
"userB",
"SELECT",
],
},
],
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example",
location="west europe")
example_account = azure.storage.Account("example",
name="example",
resource_group_name=example.name,
location=example.location,
account_kind="BlobStorage",
account_tier="Standard",
account_replication_type="LRS")
example_data_lake_gen2_filesystem = azure.storage.DataLakeGen2Filesystem("example",
name="example",
storage_account_id=example_account.id)
example_workspace = azure.synapse.Workspace("example",
name="example",
resource_group_name=example.name,
location=example.location,
storage_data_lake_gen2_filesystem_id=example_data_lake_gen2_filesystem.id,
sql_administrator_login="sqladminuser",
sql_administrator_login_password="H@Sh1CoR3!",
identity={
"type": "SystemAssigned",
})
example_sql_pool = azure.synapse.SqlPool("example",
name="example",
synapse_workspace_id=example_workspace.id,
sku_name="DW100c",
create_mode="Default")
example_container = azure.storage.Container("example",
name="example",
storage_account_name=example_account.name,
container_access_type="private")
example_sql_pool_security_alert_policy = azure.synapse.SqlPoolSecurityAlertPolicy("example",
sql_pool_id=example_sql_pool.id,
policy_state="Enabled",
storage_endpoint=example_account.primary_blob_endpoint,
storage_account_access_key=example_account.primary_access_key)
example_sql_pool_vulnerability_assessment = azure.synapse.SqlPoolVulnerabilityAssessment("example",
sql_pool_security_alert_policy_id=example_sql_pool_security_alert_policy.id,
storage_container_path=pulumi.Output.all(
primary_blob_endpoint=example_account.primary_blob_endpoint,
name=example_container.name
).apply(lambda resolved_outputs: f"{resolved_outputs['primary_blob_endpoint']}{resolved_outputs['name']}/")
,
storage_account_access_key=example_account.primary_access_key)
example_sql_pool_vulnerability_assessment_baseline = azure.synapse.SqlPoolVulnerabilityAssessmentBaseline("example",
name="default",
rule_name="VA1017",
sql_pool_vulnerability_assessment_id=example_sql_pool_vulnerability_assessment.id,
baselines=[
{
"results": [
"userA",
"SELECT",
],
},
{
"results": [
"userB",
"SELECT",
],
},
])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example",
Location = "west europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "example",
ResourceGroupName = example.Name,
Location = example.Location,
AccountKind = "BlobStorage",
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleDataLakeGen2Filesystem = new Azure.Storage.DataLakeGen2Filesystem("example", new()
{
Name = "example",
StorageAccountId = exampleAccount.Id,
});
var exampleWorkspace = new Azure.Synapse.Workspace("example", new()
{
Name = "example",
ResourceGroupName = example.Name,
Location = example.Location,
StorageDataLakeGen2FilesystemId = exampleDataLakeGen2Filesystem.Id,
SqlAdministratorLogin = "sqladminuser",
SqlAdministratorLoginPassword = "H@Sh1CoR3!",
Identity = new Azure.Synapse.Inputs.WorkspaceIdentityArgs
{
Type = "SystemAssigned",
},
});
var exampleSqlPool = new Azure.Synapse.SqlPool("example", new()
{
Name = "example",
SynapseWorkspaceId = exampleWorkspace.Id,
SkuName = "DW100c",
CreateMode = "Default",
});
var exampleContainer = new Azure.Storage.Container("example", new()
{
Name = "example",
StorageAccountName = exampleAccount.Name,
ContainerAccessType = "private",
});
var exampleSqlPoolSecurityAlertPolicy = new Azure.Synapse.SqlPoolSecurityAlertPolicy("example", new()
{
SqlPoolId = exampleSqlPool.Id,
PolicyState = "Enabled",
StorageEndpoint = exampleAccount.PrimaryBlobEndpoint,
StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
});
var exampleSqlPoolVulnerabilityAssessment = new Azure.Synapse.SqlPoolVulnerabilityAssessment("example", new()
{
SqlPoolSecurityAlertPolicyId = exampleSqlPoolSecurityAlertPolicy.Id,
StorageContainerPath = Output.Tuple(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).Apply(values =>
{
var primaryBlobEndpoint = values.Item1;
var name = values.Item2;
return $"{primaryBlobEndpoint}{name}/";
}),
StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
});
var exampleSqlPoolVulnerabilityAssessmentBaseline = new Azure.Synapse.SqlPoolVulnerabilityAssessmentBaseline("example", new()
{
Name = "default",
RuleName = "VA1017",
SqlPoolVulnerabilityAssessmentId = exampleSqlPoolVulnerabilityAssessment.Id,
Baselines = new[]
{
new Azure.Synapse.Inputs.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs
{
Results = new[]
{
"userA",
"SELECT",
},
},
new Azure.Synapse.Inputs.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs
{
Results = new[]
{
"userB",
"SELECT",
},
},
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/synapse"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example"),
Location: pulumi.String("west europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("example"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountKind: pulumi.String("BlobStorage"),
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
exampleDataLakeGen2Filesystem, err := storage.NewDataLakeGen2Filesystem(ctx, "example", &storage.DataLakeGen2FilesystemArgs{
Name: pulumi.String("example"),
StorageAccountId: exampleAccount.ID(),
})
if err != nil {
return err
}
exampleWorkspace, err := synapse.NewWorkspace(ctx, "example", &synapse.WorkspaceArgs{
Name: pulumi.String("example"),
ResourceGroupName: example.Name,
Location: example.Location,
StorageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.ID(),
SqlAdministratorLogin: pulumi.String("sqladminuser"),
SqlAdministratorLoginPassword: pulumi.String("H@Sh1CoR3!"),
Identity: &synapse.WorkspaceIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
exampleSqlPool, err := synapse.NewSqlPool(ctx, "example", &synapse.SqlPoolArgs{
Name: pulumi.String("example"),
SynapseWorkspaceId: exampleWorkspace.ID(),
SkuName: pulumi.String("DW100c"),
CreateMode: pulumi.String("Default"),
})
if err != nil {
return err
}
exampleContainer, err := storage.NewContainer(ctx, "example", &storage.ContainerArgs{
Name: pulumi.String("example"),
StorageAccountName: exampleAccount.Name,
ContainerAccessType: pulumi.String("private"),
})
if err != nil {
return err
}
exampleSqlPoolSecurityAlertPolicy, err := synapse.NewSqlPoolSecurityAlertPolicy(ctx, "example", &synapse.SqlPoolSecurityAlertPolicyArgs{
SqlPoolId: exampleSqlPool.ID(),
PolicyState: pulumi.String("Enabled"),
StorageEndpoint: exampleAccount.PrimaryBlobEndpoint,
StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
})
if err != nil {
return err
}
exampleSqlPoolVulnerabilityAssessment, err := synapse.NewSqlPoolVulnerabilityAssessment(ctx, "example", &synapse.SqlPoolVulnerabilityAssessmentArgs{
SqlPoolSecurityAlertPolicyId: exampleSqlPoolSecurityAlertPolicy.ID(),
StorageContainerPath: pulumi.All(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).ApplyT(func(_args []interface{}) (string, error) {
primaryBlobEndpoint := _args[0].(string)
name := _args[1].(string)
return fmt.Sprintf("%v%v/", primaryBlobEndpoint, name), nil
}).(pulumi.StringOutput),
StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
})
if err != nil {
return err
}
_, err = synapse.NewSqlPoolVulnerabilityAssessmentBaseline(ctx, "example", &synapse.SqlPoolVulnerabilityAssessmentBaselineArgs{
Name: pulumi.String("default"),
RuleName: pulumi.String("VA1017"),
SqlPoolVulnerabilityAssessmentId: exampleSqlPoolVulnerabilityAssessment.ID(),
Baselines: synapse.SqlPoolVulnerabilityAssessmentBaselineBaselineArray{
&synapse.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs{
Results: pulumi.StringArray{
pulumi.String("userA"),
pulumi.String("SELECT"),
},
},
&synapse.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs{
Results: pulumi.StringArray{
pulumi.String("userB"),
pulumi.String("SELECT"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.synapse.SqlPool;
import com.pulumi.azure.synapse.SqlPoolArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.synapse.SqlPoolSecurityAlertPolicy;
import com.pulumi.azure.synapse.SqlPoolSecurityAlertPolicyArgs;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessment;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessmentArgs;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessmentBaseline;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessmentBaselineArgs;
import com.pulumi.azure.synapse.inputs.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example")
.location("west europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("example")
.resourceGroupName(example.name())
.location(example.location())
.accountKind("BlobStorage")
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
.name("example")
.storageAccountId(exampleAccount.id())
.build());
var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
.name("example")
.resourceGroupName(example.name())
.location(example.location())
.storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
.sqlAdministratorLogin("sqladminuser")
.sqlAdministratorLoginPassword("H@Sh1CoR3!")
.identity(WorkspaceIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var exampleSqlPool = new SqlPool("exampleSqlPool", SqlPoolArgs.builder()
.name("example")
.synapseWorkspaceId(exampleWorkspace.id())
.skuName("DW100c")
.createMode("Default")
.build());
var exampleContainer = new Container("exampleContainer", ContainerArgs.builder()
.name("example")
.storageAccountName(exampleAccount.name())
.containerAccessType("private")
.build());
var exampleSqlPoolSecurityAlertPolicy = new SqlPoolSecurityAlertPolicy("exampleSqlPoolSecurityAlertPolicy", SqlPoolSecurityAlertPolicyArgs.builder()
.sqlPoolId(exampleSqlPool.id())
.policyState("Enabled")
.storageEndpoint(exampleAccount.primaryBlobEndpoint())
.storageAccountAccessKey(exampleAccount.primaryAccessKey())
.build());
var exampleSqlPoolVulnerabilityAssessment = new SqlPoolVulnerabilityAssessment("exampleSqlPoolVulnerabilityAssessment", SqlPoolVulnerabilityAssessmentArgs.builder()
.sqlPoolSecurityAlertPolicyId(exampleSqlPoolSecurityAlertPolicy.id())
.storageContainerPath(Output.tuple(exampleAccount.primaryBlobEndpoint(), exampleContainer.name()).applyValue(values -> {
var primaryBlobEndpoint = values.t1;
var name = values.t2;
return String.format("%s%s/", primaryBlobEndpoint,name);
}))
.storageAccountAccessKey(exampleAccount.primaryAccessKey())
.build());
var exampleSqlPoolVulnerabilityAssessmentBaseline = new SqlPoolVulnerabilityAssessmentBaseline("exampleSqlPoolVulnerabilityAssessmentBaseline", SqlPoolVulnerabilityAssessmentBaselineArgs.builder()
.name("default")
.ruleName("VA1017")
.sqlPoolVulnerabilityAssessmentId(exampleSqlPoolVulnerabilityAssessment.id())
.baselines(
SqlPoolVulnerabilityAssessmentBaselineBaselineArgs.builder()
.results(
"userA",
"SELECT")
.build(),
SqlPoolVulnerabilityAssessmentBaselineBaselineArgs.builder()
.results(
"userB",
"SELECT")
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example
location: west europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
accountKind: BlobStorage
accountTier: Standard
accountReplicationType: LRS
exampleDataLakeGen2Filesystem:
type: azure:storage:DataLakeGen2Filesystem
name: example
properties:
name: example
storageAccountId: ${exampleAccount.id}
exampleWorkspace:
type: azure:synapse:Workspace
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
storageDataLakeGen2FilesystemId: ${exampleDataLakeGen2Filesystem.id}
sqlAdministratorLogin: sqladminuser
sqlAdministratorLoginPassword: H@Sh1CoR3!
identity:
type: SystemAssigned
exampleSqlPool:
type: azure:synapse:SqlPool
name: example
properties:
name: example
synapseWorkspaceId: ${exampleWorkspace.id}
skuName: DW100c
createMode: Default
exampleContainer:
type: azure:storage:Container
name: example
properties:
name: example
storageAccountName: ${exampleAccount.name}
containerAccessType: private
exampleSqlPoolSecurityAlertPolicy:
type: azure:synapse:SqlPoolSecurityAlertPolicy
name: example
properties:
sqlPoolId: ${exampleSqlPool.id}
policyState: Enabled
storageEndpoint: ${exampleAccount.primaryBlobEndpoint}
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
exampleSqlPoolVulnerabilityAssessment:
type: azure:synapse:SqlPoolVulnerabilityAssessment
name: example
properties:
sqlPoolSecurityAlertPolicyId: ${exampleSqlPoolSecurityAlertPolicy.id}
storageContainerPath: ${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
exampleSqlPoolVulnerabilityAssessmentBaseline:
type: azure:synapse:SqlPoolVulnerabilityAssessmentBaseline
name: example
properties:
name: default
ruleName: VA1017
sqlPoolVulnerabilityAssessmentId: ${exampleSqlPoolVulnerabilityAssessment.id}
baselines:
- results:
- userA
- SELECT
- results:
- userB
- SELECTContent copied to clipboard
Import
Synapse SQL Pool Vulnerability Assessment Rule Baselines can be imported using the resource id, e.g.
$ pulumi import azure:synapse/sqlPoolVulnerabilityAssessmentBaseline:SqlPoolVulnerabilityAssessmentBaseline example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1Content copied to clipboard
Constructors
Link copied to clipboard
constructor(baselines: Output<List<SqlPoolVulnerabilityAssessmentBaselineBaselineArgs>>? = null, name: Output<String>? = null, ruleName: Output<String>? = null, sqlPoolVulnerabilityAssessmentId: Output<String>? = null)