Sql
Manages a Synapse SQL Pool Vulnerability Assessment Rule Baseline.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example",
location: "west europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "example",
resourceGroupName: example.name,
location: example.location,
accountKind: "BlobStorage",
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", {
name: "example",
storageAccountId: exampleAccount.id,
});
const exampleWorkspace = new azure.synapse.Workspace("example", {
name: "example",
resourceGroupName: example.name,
location: example.location,
storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id,
sqlAdministratorLogin: "sqladminuser",
sqlAdministratorLoginPassword: "H@Sh1CoR3!",
identity: {
type: "SystemAssigned",
},
});
const exampleSqlPool = new azure.synapse.SqlPool("example", {
name: "example",
synapseWorkspaceId: exampleWorkspace.id,
skuName: "DW100c",
createMode: "Default",
});
const exampleContainer = new azure.storage.Container("example", {
name: "example",
storageAccountName: exampleAccount.name,
containerAccessType: "private",
});
const exampleSqlPoolSecurityAlertPolicy = new azure.synapse.SqlPoolSecurityAlertPolicy("example", {
sqlPoolId: exampleSqlPool.id,
policyState: "Enabled",
storageEndpoint: exampleAccount.primaryBlobEndpoint,
storageAccountAccessKey: exampleAccount.primaryAccessKey,
});
const exampleSqlPoolVulnerabilityAssessment = new azure.synapse.SqlPoolVulnerabilityAssessment("example", {
sqlPoolSecurityAlertPolicyId: exampleSqlPoolSecurityAlertPolicy.id,
storageContainerPath: pulumi.interpolate`${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/`,
storageAccountAccessKey: exampleAccount.primaryAccessKey,
});
const exampleSqlPoolVulnerabilityAssessmentBaseline = new azure.synapse.SqlPoolVulnerabilityAssessmentBaseline("example", {
name: "default",
ruleName: "VA1017",
sqlPoolVulnerabilityAssessmentId: exampleSqlPoolVulnerabilityAssessment.id,
baselines: [
{
results: [
"userA",
"SELECT",
],
},
{
results: [
"userB",
"SELECT",
],
},
],
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example",
location="west europe")
example_account = azure.storage.Account("example",
name="example",
resource_group_name=example.name,
location=example.location,
account_kind="BlobStorage",
account_tier="Standard",
account_replication_type="LRS")
example_data_lake_gen2_filesystem = azure.storage.DataLakeGen2Filesystem("example",
name="example",
storage_account_id=example_account.id)
example_workspace = azure.synapse.Workspace("example",
name="example",
resource_group_name=example.name,
location=example.location,
storage_data_lake_gen2_filesystem_id=example_data_lake_gen2_filesystem.id,
sql_administrator_login="sqladminuser",
sql_administrator_login_password="H@Sh1CoR3!",
identity={
"type": "SystemAssigned",
})
example_sql_pool = azure.synapse.SqlPool("example",
name="example",
synapse_workspace_id=example_workspace.id,
sku_name="DW100c",
create_mode="Default")
example_container = azure.storage.Container("example",
name="example",
storage_account_name=example_account.name,
container_access_type="private")
example_sql_pool_security_alert_policy = azure.synapse.SqlPoolSecurityAlertPolicy("example",
sql_pool_id=example_sql_pool.id,
policy_state="Enabled",
storage_endpoint=example_account.primary_blob_endpoint,
storage_account_access_key=example_account.primary_access_key)
example_sql_pool_vulnerability_assessment = azure.synapse.SqlPoolVulnerabilityAssessment("example",
sql_pool_security_alert_policy_id=example_sql_pool_security_alert_policy.id,
storage_container_path=pulumi.Output.all(
primary_blob_endpoint=example_account.primary_blob_endpoint,
name=example_container.name
).apply(lambda resolved_outputs: f"{resolved_outputs['primary_blob_endpoint']}{resolved_outputs['name']}/")
,
storage_account_access_key=example_account.primary_access_key)
example_sql_pool_vulnerability_assessment_baseline = azure.synapse.SqlPoolVulnerabilityAssessmentBaseline("example",
name="default",
rule_name="VA1017",
sql_pool_vulnerability_assessment_id=example_sql_pool_vulnerability_assessment.id,
baselines=[
{
"results": [
"userA",
"SELECT",
],
},
{
"results": [
"userB",
"SELECT",
],
},
])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example",
Location = "west europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "example",
ResourceGroupName = example.Name,
Location = example.Location,
AccountKind = "BlobStorage",
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleDataLakeGen2Filesystem = new Azure.Storage.DataLakeGen2Filesystem("example", new()
{
Name = "example",
StorageAccountId = exampleAccount.Id,
});
var exampleWorkspace = new Azure.Synapse.Workspace("example", new()
{
Name = "example",
ResourceGroupName = example.Name,
Location = example.Location,
StorageDataLakeGen2FilesystemId = exampleDataLakeGen2Filesystem.Id,
SqlAdministratorLogin = "sqladminuser",
SqlAdministratorLoginPassword = "H@Sh1CoR3!",
Identity = new Azure.Synapse.Inputs.WorkspaceIdentityArgs
{
Type = "SystemAssigned",
},
});
var exampleSqlPool = new Azure.Synapse.SqlPool("example", new()
{
Name = "example",
SynapseWorkspaceId = exampleWorkspace.Id,
SkuName = "DW100c",
CreateMode = "Default",
});
var exampleContainer = new Azure.Storage.Container("example", new()
{
Name = "example",
StorageAccountName = exampleAccount.Name,
ContainerAccessType = "private",
});
var exampleSqlPoolSecurityAlertPolicy = new Azure.Synapse.SqlPoolSecurityAlertPolicy("example", new()
{
SqlPoolId = exampleSqlPool.Id,
PolicyState = "Enabled",
StorageEndpoint = exampleAccount.PrimaryBlobEndpoint,
StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
});
var exampleSqlPoolVulnerabilityAssessment = new Azure.Synapse.SqlPoolVulnerabilityAssessment("example", new()
{
SqlPoolSecurityAlertPolicyId = exampleSqlPoolSecurityAlertPolicy.Id,
StorageContainerPath = Output.Tuple(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).Apply(values =>
{
var primaryBlobEndpoint = values.Item1;
var name = values.Item2;
return $"{primaryBlobEndpoint}{name}/";
}),
StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
});
var exampleSqlPoolVulnerabilityAssessmentBaseline = new Azure.Synapse.SqlPoolVulnerabilityAssessmentBaseline("example", new()
{
Name = "default",
RuleName = "VA1017",
SqlPoolVulnerabilityAssessmentId = exampleSqlPoolVulnerabilityAssessment.Id,
Baselines = new[]
{
new Azure.Synapse.Inputs.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs
{
Results = new[]
{
"userA",
"SELECT",
},
},
new Azure.Synapse.Inputs.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs
{
Results = new[]
{
"userB",
"SELECT",
},
},
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/synapse"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example"),
Location: pulumi.String("west europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("example"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountKind: pulumi.String("BlobStorage"),
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
exampleDataLakeGen2Filesystem, err := storage.NewDataLakeGen2Filesystem(ctx, "example", &storage.DataLakeGen2FilesystemArgs{
Name: pulumi.String("example"),
StorageAccountId: exampleAccount.ID(),
})
if err != nil {
return err
}
exampleWorkspace, err := synapse.NewWorkspace(ctx, "example", &synapse.WorkspaceArgs{
Name: pulumi.String("example"),
ResourceGroupName: example.Name,
Location: example.Location,
StorageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.ID(),
SqlAdministratorLogin: pulumi.String("sqladminuser"),
SqlAdministratorLoginPassword: pulumi.String("H@Sh1CoR3!"),
Identity: &synapse.WorkspaceIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
exampleSqlPool, err := synapse.NewSqlPool(ctx, "example", &synapse.SqlPoolArgs{
Name: pulumi.String("example"),
SynapseWorkspaceId: exampleWorkspace.ID(),
SkuName: pulumi.String("DW100c"),
CreateMode: pulumi.String("Default"),
})
if err != nil {
return err
}
exampleContainer, err := storage.NewContainer(ctx, "example", &storage.ContainerArgs{
Name: pulumi.String("example"),
StorageAccountName: exampleAccount.Name,
ContainerAccessType: pulumi.String("private"),
})
if err != nil {
return err
}
exampleSqlPoolSecurityAlertPolicy, err := synapse.NewSqlPoolSecurityAlertPolicy(ctx, "example", &synapse.SqlPoolSecurityAlertPolicyArgs{
SqlPoolId: exampleSqlPool.ID(),
PolicyState: pulumi.String("Enabled"),
StorageEndpoint: exampleAccount.PrimaryBlobEndpoint,
StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
})
if err != nil {
return err
}
exampleSqlPoolVulnerabilityAssessment, err := synapse.NewSqlPoolVulnerabilityAssessment(ctx, "example", &synapse.SqlPoolVulnerabilityAssessmentArgs{
SqlPoolSecurityAlertPolicyId: exampleSqlPoolSecurityAlertPolicy.ID(),
StorageContainerPath: pulumi.All(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).ApplyT(func(_args []interface{}) (string, error) {
primaryBlobEndpoint := _args[0].(string)
name := _args[1].(string)
return fmt.Sprintf("%v%v/", primaryBlobEndpoint, name), nil
}).(pulumi.StringOutput),
StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
})
if err != nil {
return err
}
_, err = synapse.NewSqlPoolVulnerabilityAssessmentBaseline(ctx, "example", &synapse.SqlPoolVulnerabilityAssessmentBaselineArgs{
Name: pulumi.String("default"),
RuleName: pulumi.String("VA1017"),
SqlPoolVulnerabilityAssessmentId: exampleSqlPoolVulnerabilityAssessment.ID(),
Baselines: synapse.SqlPoolVulnerabilityAssessmentBaselineBaselineArray{
&synapse.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs{
Results: pulumi.StringArray{
pulumi.String("userA"),
pulumi.String("SELECT"),
},
},
&synapse.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs{
Results: pulumi.StringArray{
pulumi.String("userB"),
pulumi.String("SELECT"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.synapse.SqlPool;
import com.pulumi.azure.synapse.SqlPoolArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.synapse.SqlPoolSecurityAlertPolicy;
import com.pulumi.azure.synapse.SqlPoolSecurityAlertPolicyArgs;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessment;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessmentArgs;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessmentBaseline;
import com.pulumi.azure.synapse.SqlPoolVulnerabilityAssessmentBaselineArgs;
import com.pulumi.azure.synapse.inputs.SqlPoolVulnerabilityAssessmentBaselineBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example")
.location("west europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("example")
.resourceGroupName(example.name())
.location(example.location())
.accountKind("BlobStorage")
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
.name("example")
.storageAccountId(exampleAccount.id())
.build());
var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
.name("example")
.resourceGroupName(example.name())
.location(example.location())
.storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
.sqlAdministratorLogin("sqladminuser")
.sqlAdministratorLoginPassword("H@Sh1CoR3!")
.identity(WorkspaceIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var exampleSqlPool = new SqlPool("exampleSqlPool", SqlPoolArgs.builder()
.name("example")
.synapseWorkspaceId(exampleWorkspace.id())
.skuName("DW100c")
.createMode("Default")
.build());
var exampleContainer = new Container("exampleContainer", ContainerArgs.builder()
.name("example")
.storageAccountName(exampleAccount.name())
.containerAccessType("private")
.build());
var exampleSqlPoolSecurityAlertPolicy = new SqlPoolSecurityAlertPolicy("exampleSqlPoolSecurityAlertPolicy", SqlPoolSecurityAlertPolicyArgs.builder()
.sqlPoolId(exampleSqlPool.id())
.policyState("Enabled")
.storageEndpoint(exampleAccount.primaryBlobEndpoint())
.storageAccountAccessKey(exampleAccount.primaryAccessKey())
.build());
var exampleSqlPoolVulnerabilityAssessment = new SqlPoolVulnerabilityAssessment("exampleSqlPoolVulnerabilityAssessment", SqlPoolVulnerabilityAssessmentArgs.builder()
.sqlPoolSecurityAlertPolicyId(exampleSqlPoolSecurityAlertPolicy.id())
.storageContainerPath(Output.tuple(exampleAccount.primaryBlobEndpoint(), exampleContainer.name()).applyValue(values -> {
var primaryBlobEndpoint = values.t1;
var name = values.t2;
return String.format("%s%s/", primaryBlobEndpoint,name);
}))
.storageAccountAccessKey(exampleAccount.primaryAccessKey())
.build());
var exampleSqlPoolVulnerabilityAssessmentBaseline = new SqlPoolVulnerabilityAssessmentBaseline("exampleSqlPoolVulnerabilityAssessmentBaseline", SqlPoolVulnerabilityAssessmentBaselineArgs.builder()
.name("default")
.ruleName("VA1017")
.sqlPoolVulnerabilityAssessmentId(exampleSqlPoolVulnerabilityAssessment.id())
.baselines(
SqlPoolVulnerabilityAssessmentBaselineBaselineArgs.builder()
.results(
"userA",
"SELECT")
.build(),
SqlPoolVulnerabilityAssessmentBaselineBaselineArgs.builder()
.results(
"userB",
"SELECT")
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example
location: west europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
accountKind: BlobStorage
accountTier: Standard
accountReplicationType: LRS
exampleDataLakeGen2Filesystem:
type: azure:storage:DataLakeGen2Filesystem
name: example
properties:
name: example
storageAccountId: ${exampleAccount.id}
exampleWorkspace:
type: azure:synapse:Workspace
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
storageDataLakeGen2FilesystemId: ${exampleDataLakeGen2Filesystem.id}
sqlAdministratorLogin: sqladminuser
sqlAdministratorLoginPassword: H@Sh1CoR3!
identity:
type: SystemAssigned
exampleSqlPool:
type: azure:synapse:SqlPool
name: example
properties:
name: example
synapseWorkspaceId: ${exampleWorkspace.id}
skuName: DW100c
createMode: Default
exampleContainer:
type: azure:storage:Container
name: example
properties:
name: example
storageAccountName: ${exampleAccount.name}
containerAccessType: private
exampleSqlPoolSecurityAlertPolicy:
type: azure:synapse:SqlPoolSecurityAlertPolicy
name: example
properties:
sqlPoolId: ${exampleSqlPool.id}
policyState: Enabled
storageEndpoint: ${exampleAccount.primaryBlobEndpoint}
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
exampleSqlPoolVulnerabilityAssessment:
type: azure:synapse:SqlPoolVulnerabilityAssessment
name: example
properties:
sqlPoolSecurityAlertPolicyId: ${exampleSqlPoolSecurityAlertPolicy.id}
storageContainerPath: ${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
exampleSqlPoolVulnerabilityAssessmentBaseline:
type: azure:synapse:SqlPoolVulnerabilityAssessmentBaseline
name: example
properties:
name: default
ruleName: VA1017
sqlPoolVulnerabilityAssessmentId: ${exampleSqlPoolVulnerabilityAssessment.id}
baselines:
- results:
- userA
- SELECT
- results:
- userB
- SELECTContent copied to clipboard
Import
Synapse SQL Pool Vulnerability Assessment Rule Baselines can be imported using the resource id, e.g.
$ pulumi import azure:synapse/sqlPoolVulnerabilityAssessmentBaseline:SqlPoolVulnerabilityAssessmentBaseline example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1Content copied to clipboard
Properties
Link copied to clipboard
One or more baseline blocks as defined below.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The ID of the Synapse SQL Pool Vulnerability Assessment. Changing this forces a new Synapse SQL Pool Vulnerability Assessment Rule Baseline to be created.