azurermSynapseSqlPoolVulnerabilityAssessmentBaseline
Manages a Synapse SQL Pool Vulnerability Assessment Rule Baseline.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "west europe",
name: "example",
}
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
this,
"example_2",
{
account_kind: "BlobStorage",
account_replication_type: "LRS",
account_tier: "Standard",
location: azurermResourceGroupExample.location,
name: "example",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageContainerExample =
new azurerm.storageContainer.StorageContainer(this, "example_3", {
container_access_type: "private",
name: "example",
storage_account_name: azurermStorageAccountExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageContainerExample.overrideLogicalId("example");
const azurermStorageDataLakeGen2FilesystemExample =
new azurerm.storageDataLakeGen2Filesystem.StorageDataLakeGen2Filesystem(
this,
"example_4",
{
name: "example",
storage_account_id: azurermStorageAccountExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageDataLakeGen2FilesystemExample.overrideLogicalId("example");
const azurermSynapseWorkspaceExample =
new azurerm.synapseWorkspace.SynapseWorkspace(this, "example_5", {
identity: [
{
type: "SystemAssigned",
},
],
location: azurermResourceGroupExample.location,
name: "example",
resource_group_name: azurermResourceGroupExample.name,
sql_administrator_login: "sqladminuser",
sql_administrator_login_password: "H@Sh1CoR3!",
storage_data_lake_gen2_filesystem_id:
azurermStorageDataLakeGen2FilesystemExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseWorkspaceExample.overrideLogicalId("example");
const azurermSynapseSqlPoolExample = new azurerm.synapseSqlPool.SynapseSqlPool(
this,
"example_6",
{
create_mode: "Default",
name: "example",
sku_name: "DW100c",
synapse_workspace_id: azurermSynapseWorkspaceExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolExample.overrideLogicalId("example");
const azurermSynapseSqlPoolSecurityAlertPolicyExample =
new azurerm.synapseSqlPoolSecurityAlertPolicy.SynapseSqlPoolSecurityAlertPolicy(
this,
"example_7",
{
policy_state: "Enabled",
sql_pool_id: azurermSynapseSqlPoolExample.id,
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_endpoint: azurermStorageAccountExample.primaryBlobEndpoint,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolSecurityAlertPolicyExample.overrideLogicalId("example");
const azurermSynapseSqlPoolVulnerabilityAssessmentExample =
new azurerm.synapseSqlPoolVulnerabilityAssessment.SynapseSqlPoolVulnerabilityAssessment(
this,
"example_8",
{
sql_pool_security_alert_policy_id:
azurermSynapseSqlPoolSecurityAlertPolicyExample.id,
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_container_path: `\${${azurermStorageAccountExample.primaryBlobEndpoint}}\${${azurermStorageContainerExample.name}}/`,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolVulnerabilityAssessmentExample.overrideLogicalId(
"example"
);
const azurermSynapseSqlPoolVulnerabilityAssessmentBaselineExample =
new azurerm.synapseSqlPoolVulnerabilityAssessmentBaseline.SynapseSqlPoolVulnerabilityAssessmentBaseline(
this,
"example_9",
{
baseline: [
{
result: ["userA", "SELECT"],
},
{
result: ["userB", "SELECT"],
},
],
name: "default",
rule_name: "VA1017",
sql_pool_vulnerability_assessment_id:
azurermSynapseSqlPoolVulnerabilityAssessmentExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolVulnerabilityAssessmentBaselineExample.overrideLogicalId(
"example"
);
Arguments Reference
The following arguments are supported:
-
name
- (Required) The name which should be used for this Synapse SQL Pool Vulnerability Assessment Rule Baseline. -
ruleName
- (Required) The ID of the vulnerability assessment rule. -
sqlPoolVulnerabilityAssessmentId
- (Required) The ID of the Synapse SQL Pool Vulnerability Assessment. Changing this forces a new Synapse SQL Pool Vulnerability Assessment Rule Baseline to be created.
baseline
- (Optional) One or morebaseline
blocks as defined below.
A baseline
block supports the following:
result
- (Required) Specifies a list of rule baseline result.
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.read
- (Defaults to 5 minutes) Used when retrieving the Synapse SQL Pool Vulnerability Assessment Rule Baseline.update
- (Defaults to 30 minutes) Used when updating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.delete
- (Defaults to 30 minutes) Used when deleting the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
Import
Synapse SQL Pool Vulnerability Assessment Rule Baselines can be imported using the resourceId
, e.g.