Manages a Synapse SQL Pool Vulnerability Assessment Rule Baseline.
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example"
location = "west europe"
}
resource "azurerm_storage_account" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_kind = "BlobStorage"
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
name = "example"
storage_account_id = azurerm_storage_account.example.id
}
resource "azurerm_synapse_workspace" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
sql_administrator_login = "sqladminuser"
sql_administrator_login_password = "H@Sh1CoR3!"
identity {
type = "SystemAssigned"
}
}
resource "azurerm_synapse_sql_pool" "example" {
name = "example"
synapse_workspace_id = azurerm_synapse_workspace.example.id
sku_name = "DW100c"
create_mode = "Default"
}
resource "azurerm_storage_container" "example" {
name = "example"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_synapse_sql_pool_security_alert_policy" "example" {
sql_pool_id = azurerm_synapse_sql_pool.example.id
policy_state = "Enabled"
storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.example.primary_access_key
}
resource "azurerm_synapse_sql_pool_vulnerability_assessment" "example" {
sql_pool_security_alert_policy_id = azurerm_synapse_sql_pool_security_alert_policy.example.id
storage_container_path = "${azurerm_storage_account.example.primary_blob_endpoint}${azurerm_storage_container.example.name}/"
storage_account_access_key = azurerm_storage_account.example.primary_access_key
}
resource "azurerm_synapse_sql_pool_vulnerability_assessment_baseline" "example" {
name = "default"
rule_name = "VA1017"
sql_pool_vulnerability_assessment_id = azurerm_synapse_sql_pool_vulnerability_assessment.example.id
baseline {
result = ["userA", "SELECT"]
}
baseline {
result = ["userB", "SELECT"]
}
}
The following arguments are supported:
name
- (Required) The name which should be used for this Synapse SQL Pool Vulnerability Assessment Rule Baseline.
rule_name
- (Required) The ID of the vulnerability assessment rule.
sql_pool_vulnerability_assessment_id
- (Required) The ID of the Synapse SQL Pool Vulnerability Assessment. Changing this forces a new Synapse SQL Pool Vulnerability Assessment Rule Baseline to be created.
baseline
- (Optional) One or more baseline
blocks as defined below.A baseline
block supports the following:
result
- (Required) Specifies a list of rule baseline result.In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Synapse SQL Pool Vulnerability Assessment Rule Baseline.The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.read
- (Defaults to 5 minutes) Used when retrieving the Synapse SQL Pool Vulnerability Assessment Rule Baseline.update
- (Defaults to 30 minutes) Used when updating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.delete
- (Defaults to 30 minutes) Used when deleting the Synapse SQL Pool Vulnerability Assessment Rule Baseline.Synapse SQL Pool Vulnerability Assessment Rule Baselines can be imported using the resource id
, e.g.
terraform import azurerm_synapse_sql_pool_vulnerability_assessment_baseline.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1