
azurermSynapseSqlPoolVulnerabilityAssessmentBaseline

Manages a Synapse SQL Pool Vulnerability Assessment Rule Baseline.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "west europe",
    name: "example",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_2",
  {
    account_kind: "BlobStorage",
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "example",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageContainerExample =
  new azurerm.storageContainer.StorageContainer(this, "example_3", {
    container_access_type: "private",
    name: "example",
    storage_account_name: azurermStorageAccountExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageContainerExample.overrideLogicalId("example");
const azurermStorageDataLakeGen2FilesystemExample =
  new azurerm.storageDataLakeGen2Filesystem.StorageDataLakeGen2Filesystem(
    this,
    "example_4",
    {
      name: "example",
      storage_account_id: azurermStorageAccountExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageDataLakeGen2FilesystemExample.overrideLogicalId("example");
const azurermSynapseWorkspaceExample =
  new azurerm.synapseWorkspace.SynapseWorkspace(this, "example_5", {
    identity: [
      {
        type: "SystemAssigned",
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example",
    resource_group_name: azurermResourceGroupExample.name,
    sql_administrator_login: "sqladminuser",
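    /*Example value only. Pass the real password in from a sensitive variable or secret store rather than a literal.*/
    sql_administrator_login_password: "H@Sh1CoR3!",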
    storage_data_lake_gen2_filesystem_id:
      azurermStorageDataLakeGen2FilesystemExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseWorkspaceExample.overrideLogicalId("example");
const azurermSynapseSqlPoolExample = new azurerm.synapseSqlPool.SynapseSqlPool(
  this,
  "example_6",
  {
    create_mode: "Default",
    name: "example",
    sku_name: "DW100c",
    synapse_workspace_id: azurermSynapseWorkspaceExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolExample.overrideLogicalId("example");
const azurermSynapseSqlPoolSecurityAlertPolicyExample =
  new azurerm.synapseSqlPoolSecurityAlertPolicy.SynapseSqlPoolSecurityAlertPolicy(
    this,
    "example_7",
    {
      policy_state: "Enabled",
      sql_pool_id: azurermSynapseSqlPoolExample.id,
      storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
      storage_endpoint: azurermStorageAccountExample.primaryBlobEndpoint,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolSecurityAlertPolicyExample.overrideLogicalId("example");
const azurermSynapseSqlPoolVulnerabilityAssessmentExample =
  new azurerm.synapseSqlPoolVulnerabilityAssessment.SynapseSqlPoolVulnerabilityAssessment(
    this,
    "example_8",
    {
      sql_pool_security_alert_policy_id:
        azurermSynapseSqlPoolSecurityAlertPolicyExample.id,
      storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
      storage_container_path: `${azurermStorageAccountExample.primaryBlobEndpoint}${azurermStorageContainerExample.name}/`,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolVulnerabilityAssessmentExample.overrideLogicalId(
  "example"
);
const azurermSynapseSqlPoolVulnerabilityAssessmentBaselineExample =
  new azurerm.synapseSqlPoolVulnerabilityAssessmentBaseline.SynapseSqlPoolVulnerabilityAssessmentBaseline(
    this,
    "example_9",
    {
      baseline: [
        {
          result: ["userA", "SELECT"],
        },
        {
          result: ["userB", "SELECT"],
        },
      ],
      name: "default",
      rule_name: "VA1017",
      sql_pool_vulnerability_assessment_id:
        azurermSynapseSqlPoolVulnerabilityAssessmentExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolVulnerabilityAssessmentBaselineExample.overrideLogicalId(
  "example"
);

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this Synapse SQL Pool Vulnerability Assessment Rule Baseline.

  • ruleName - (Required) The ID of the vulnerability assessment rule.

  • sqlPoolVulnerabilityAssessmentId - (Required) The ID of the Synapse SQL Pool Vulnerability Assessment. Changing this forces a new Synapse SQL Pool Vulnerability Assessment Rule Baseline to be created.


  • baseline - (Optional) One or more baseline blocks as defined below.

A baseline block supports the following:

  • result - (Required) Specifies a list of rule baseline results.
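
Each baseline block holds one result row that the assessment rule accepts, so the rows are best generated from a reviewed list rather than typed by hand. The following is an added example, not part of the provider documentation: toBaselineBlocks, unreviewedRows and rowKey are hypothetical helper names, and the column count per rule is an assumption the caller supplies.

```typescript
// Added example; toBaselineBlocks, unreviewedRows and rowKey are hypothetical helpers.
interface BaselineBlock {
  result: string[];
}

// Canonical key for one result row, used for duplicate and membership checks.
function rowKey(row: string[]): string {
  return JSON.stringify(row.map((cell) => cell.trim()));
}

// Turn reviewed rows into `baseline` blocks, rejecting malformed input.
// `columns` is the number of values each row must carry (assumed known per rule).
function toBaselineBlocks(rows: string[][], columns: number): BaselineBlock[] {
  const seen: Record<string, boolean> = {};
  return rows.map((row, i) => {
    const cells = row.map((cell) => cell.trim());
    if (cells.length !== columns) {
      throw new Error(`row ${i}: expected ${columns} columns, got ${cells.length}`);
    }
    if (cells.some((cell) => cell === "")) {
      throw new Error(`row ${i}: empty cell`);
    }
    const key = rowKey(cells);
    if (seen[key]) {
      throw new Error(`row ${i}: duplicate row`);
    }
    seen[key] = true;
    return { result: cells };
  });
}

// Rows declared in code that are absent from the reviewed list.
// A non-empty return value means the baseline accepts results nobody signed off on.
function unreviewedRows(declared: string[][], reviewed: string[][]): string[][] {
  const approved: Record<string, boolean> = {};
  reviewed.forEach((row) => {
    approved[rowKey(row)] = true;
  });
  return declared.filter((row) => !approved[rowKey(row)]);
}

// Constructed sample data: the two rows from the example usage on this page.
const reviewedRows = [["userA", "SELECT"], ["userB", "SELECT"]];
const baselineBlocks = toBaselineBlocks(reviewedRows, 2);
```

The baselineBlocks value can be passed as the baseline argument of the resource, and unreviewedRows can run in CI to fail a change that adds rows outside the reviewed list.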

Attributes Reference

In addition to the arguments listed above, the following attributes are exported:

  • id - The ID of the Synapse SQL Pool Vulnerability Assessment Rule Baseline.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
  • read - (Defaults to 5 minutes) Used when retrieving the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
  • update - (Defaults to 30 minutes) Used when updating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
  • delete - (Defaults to 30 minutes) Used when deleting the Synapse SQL Pool Vulnerability Assessment Rule Baseline.

Import

Synapse SQL Pool Vulnerability Assessment Rule Baselines can be imported using the resourceId, e.g.

terraform import azurerm_synapse_sql_pool_vulnerability_assessment_baseline.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1