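import * as pulumi from "@pulumi/pulumi";

// NOTE(review): the type arguments on `pulumi.Input` / `pulumi.Output` were missing from this
// listing (both are generic and do not compile bare). They are restored below from the documented
// value kinds: string IDs and names, `| undefined` on outputs whose input is optional.
// Confirm against the published SDK typings.

/**
 * Manages a Synapse Role Assignment.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * // Read the SQL administrator password from encrypted stack configuration
 * // (`pulumi config set --secret sqlAdministratorLoginPassword <value>`)
 * // instead of committing a literal password to source control.
 * const config = new pulumi.Config();
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleAccount = new azure.storage.Account("example", {
 *     name: "examplestorageacc",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     accountTier: "Standard",
 *     accountReplicationType: "LRS",
 *     accountKind: "StorageV2",
 *     isHnsEnabled: true,
 * });
 * const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", {
 *     name: "example",
 *     storageAccountId: exampleAccount.id,
 * });
 * const exampleWorkspace = new azure.synapse.Workspace("example", {
 *     name: "example",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id,
 *     sqlAdministratorLogin: "sqladminuser",
 *     sqlAdministratorLoginPassword: config.requireSecret("sqlAdministratorLoginPassword"),
 *     identity: {
 *         type: "SystemAssigned",
 *     },
 * });
 * // Demo only: this range admits every IPv4 address to the workspace endpoints.
 * // In a real stack, narrow it to the address(es) that Pulumi and your clients connect from.
 * const exampleFirewallRule = new azure.synapse.FirewallRule("example", {
 *     name: "AllowAll",
 *     synapseWorkspaceId: exampleWorkspace.id,
 *     startIpAddress: "0.0.0.0",
 *     endIpAddress: "255.255.255.255",
 * });
 * const current = azure.core.getClientConfig({});
 * // The machine running Pulumi must be allowed through the workspace firewall before the
 * // role assignment can be made, hence the explicit `dependsOn` on the firewall rule.
 * const exampleRoleAssignment = new azure.synapse.RoleAssignment("example", {
 *     synapseWorkspaceId: exampleWorkspace.id,
 *     roleName: "Synapse SQL Administrator",
 *     principalId: current.then(current => current.objectId),
 * }, {
 *     dependsOn: [exampleFirewallRule],
 * });
 * ```
 *
 * ## Import
 *
 * Synapse Role Assignment can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:synapse/roleAssignment:RoleAssignment example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1|000000000000"
 * ```
 *
 * > **NOTE:** This ID is specific to this provider - and is of the format `{synapseScope}|{synapseRoleAssignmentId}`.
 */
export declare class RoleAssignment extends pulumi.CustomResource {
    /**
     * Get an existing RoleAssignment resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleAssignmentState, opts?: pulumi.CustomResourceOptions): RoleAssignment;
    /**
     * Returns true if the given object is an instance of RoleAssignment. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is RoleAssignment;
    /**
     * The ID of the Principal (User, Group or Service Principal) to assign the Synapse Role Definition to. Changing this forces a new resource to be created.
     */
    readonly principalId: pulumi.Output<string>;
    /**
     * The Type of the Principal. One of `User`, `Group` or `ServicePrincipal`. Changing this forces a new resource to be created.
     *
     * > **NOTE:** While `principalType` is optional, it's still recommended to set this value, as some Synapse use-cases may not work correctly if this is not specified. Service Principals for example can't run SQL statements using `Entra ID` authentication if `principalType` is not set to `ServicePrincipal`.
     */
    readonly principalType: pulumi.Output<string | undefined>;
    /**
     * The Role Name of the Synapse Built-In Role. Possible values are `Apache Spark Administrator`, `Synapse Administrator`, `Synapse Artifact Publisher`, `Synapse Artifact User`, `Synapse Compute Operator`, `Synapse Contributor`, `Synapse Credential User`, `Synapse Linked Data Manager`, `Synapse Monitoring Operator`, `Synapse SQL Administrator` and `Synapse User`. Changing this forces a new resource to be created.
     *
     * Assign the narrowest role that covers what the principal has to do, and keep the administrator roles for principals that actually administer the workspace.
     *
     * > **NOTE:** Currently, the Synapse built-in roles are `Apache Spark Administrator`, `Synapse Administrator`, `Synapse Artifact Publisher`, `Synapse Artifact User`, `Synapse Compute Operator`, `Synapse Contributor`, `Synapse Credential User`, `Synapse Linked Data Manager`, `Synapse Monitoring Operator`, `Synapse SQL Administrator` and `Synapse User`.
     *
     * > **NOTE:** Old roles are still supported: `Workspace Admin`, `Apache Spark Admin`, `Sql Admin`. These values will be removed in the next Major Version 3.0.
     */
    readonly roleName: pulumi.Output<string>;
    /**
     * The Synapse Spark Pool which the Synapse Role Assignment applies to. Changing this forces a new resource to be created.
     *
     * > **NOTE:** A Synapse firewall rule including local IP is needed to allow access. Exactly one of `synapseWorkspaceId` and `synapseSparkPoolId` must be set.
     */
    readonly synapseSparkPoolId: pulumi.Output<string | undefined>;
    /**
     * The Synapse Workspace which the Synapse Role Assignment applies to. Changing this forces a new resource to be created.
     */
    readonly synapseWorkspaceId: pulumi.Output<string | undefined>;
    /**
     * Create a RoleAssignment resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: RoleAssignmentArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering RoleAssignment resources.
 */
export interface RoleAssignmentState {
    /**
     * The ID of the Principal (User, Group or Service Principal) to assign the Synapse Role Definition to. Changing this forces a new resource to be created.
     */
    principalId?: pulumi.Input<string>;
    /**
     * The Type of the Principal. One of `User`, `Group` or `ServicePrincipal`. Changing this forces a new resource to be created.
     *
     * > **NOTE:** While `principalType` is optional, it's still recommended to set this value, as some Synapse use-cases may not work correctly if this is not specified. Service Principals for example can't run SQL statements using `Entra ID` authentication if `principalType` is not set to `ServicePrincipal`.
     */
    principalType?: pulumi.Input<string>;
    /**
     * The Role Name of the Synapse Built-In Role. Possible values are `Apache Spark Administrator`, `Synapse Administrator`, `Synapse Artifact Publisher`, `Synapse Artifact User`, `Synapse Compute Operator`, `Synapse Contributor`, `Synapse Credential User`, `Synapse Linked Data Manager`, `Synapse Monitoring Operator`, `Synapse SQL Administrator` and `Synapse User`. Changing this forces a new resource to be created.
     *
     * > **NOTE:** Currently, the Synapse built-in roles are `Apache Spark Administrator`, `Synapse Administrator`, `Synapse Artifact Publisher`, `Synapse Artifact User`, `Synapse Compute Operator`, `Synapse Contributor`, `Synapse Credential User`, `Synapse Linked Data Manager`, `Synapse Monitoring Operator`, `Synapse SQL Administrator` and `Synapse User`.
     *
     * > **NOTE:** Old roles are still supported: `Workspace Admin`, `Apache Spark Admin`, `Sql Admin`. These values will be removed in the next Major Version 3.0.
     */
    roleName?: pulumi.Input<string>;
    /**
     * The Synapse Spark Pool which the Synapse Role Assignment applies to. Changing this forces a new resource to be created.
     *
     * > **NOTE:** A Synapse firewall rule including local IP is needed to allow access. Exactly one of `synapseWorkspaceId` and `synapseSparkPoolId` must be set.
     */
    synapseSparkPoolId?: pulumi.Input<string>;
    /**
     * The Synapse Workspace which the Synapse Role Assignment applies to. Changing this forces a new resource to be created.
     */
    synapseWorkspaceId?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a RoleAssignment resource.
 */
export interface RoleAssignmentArgs {
    /**
     * The ID of the Principal (User, Group or Service Principal) to assign the Synapse Role Definition to. Changing this forces a new resource to be created.
     */
    principalId: pulumi.Input<string>;
    /**
     * The Type of the Principal. One of `User`, `Group` or `ServicePrincipal`. Changing this forces a new resource to be created.
     *
     * > **NOTE:** While `principalType` is optional, it's still recommended to set this value, as some Synapse use-cases may not work correctly if this is not specified. Service Principals for example can't run SQL statements using `Entra ID` authentication if `principalType` is not set to `ServicePrincipal`.
     */
    principalType?: pulumi.Input<string>;
    /**
     * The Role Name of the Synapse Built-In Role. Possible values are `Apache Spark Administrator`, `Synapse Administrator`, `Synapse Artifact Publisher`, `Synapse Artifact User`, `Synapse Compute Operator`, `Synapse Contributor`, `Synapse Credential User`, `Synapse Linked Data Manager`, `Synapse Monitoring Operator`, `Synapse SQL Administrator` and `Synapse User`. Changing this forces a new resource to be created.
     *
     * Assign the narrowest role that covers what the principal has to do, and keep the administrator roles for principals that actually administer the workspace.
     *
     * > **NOTE:** Currently, the Synapse built-in roles are `Apache Spark Administrator`, `Synapse Administrator`, `Synapse Artifact Publisher`, `Synapse Artifact User`, `Synapse Compute Operator`, `Synapse Contributor`, `Synapse Credential User`, `Synapse Linked Data Manager`, `Synapse Monitoring Operator`, `Synapse SQL Administrator` and `Synapse User`.
     *
     * > **NOTE:** Old roles are still supported: `Workspace Admin`, `Apache Spark Admin`, `Sql Admin`. These values will be removed in the next Major Version 3.0.
     */
    roleName: pulumi.Input<string>;
    /**
     * The Synapse Spark Pool which the Synapse Role Assignment applies to. Changing this forces a new resource to be created.
     *
     * > **NOTE:** A Synapse firewall rule including local IP is needed to allow access. Exactly one of `synapseWorkspaceId` and `synapseSparkPoolId` must be set.
     */
    synapseSparkPoolId?: pulumi.Input<string>;
    /**
     * The Synapse Workspace which the Synapse Role Assignment applies to. Changing this forces a new resource to be created.
     */
    synapseWorkspaceId?: pulumi.Input<string>;
}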