import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages the Vulnerability Assessment for a Synapse SQL Pool. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "examplestorageacc", * resourceGroupName: example.name, * location: example.location, * accountTier: "Standard", * accountReplicationType: "LRS", * accountKind: "StorageV2", * isHnsEnabled: true, * }); * const exampleContainer = new azure.storage.Container("example", { * name: "example", * storageAccountName: exampleAccount.name, * }); * const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", { * name: "example", * storageAccountId: exampleAccount.id, * }); * const exampleWorkspace = new azure.synapse.Workspace("example", { * name: "example", * resourceGroupName: example.name, * location: example.location, * storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id, * sqlAdministratorLogin: "sqladminuser", * sqlAdministratorLoginPassword: "H@Sh1CoR3!", * aadAdmin: [{ * login: "AzureAD Admin", * objectId: "00000000-0000-0000-0000-000000000000", * tenantId: "00000000-0000-0000-0000-000000000000", * }], * identity: { * type: "SystemAssigned", * }, * tags: { * Env: "production", * }, * }); * const exampleSqlPool = new azure.synapse.SqlPool("example", { * name: "examplesqlpool", * synapseWorkspaceId: exampleWorkspace.id, * skuName: "DW100c", * createMode: "Default", * }); * const auditLogs = new azure.storage.Account("audit_logs", { * name: "examplesa", * resourceGroupName: example.name, * location: example.location, * accountTier: "Standard", * accountReplicationType: "LRS", * }); * const exampleSqlPoolSecurityAlertPolicy = new azure.synapse.SqlPoolSecurityAlertPolicy("example", { * sqlPoolId: exampleSqlPool.id, * policyState: "Enabled", * storageEndpoint: auditLogs.primaryBlobEndpoint, * storageAccountAccessKey: auditLogs.primaryAccessKey, * disabledAlerts: [ * "Sql_Injection", * "Data_Exfiltration", * ], * retentionDays: 20, * }); * const exampleSqlPoolVulnerabilityAssessment = new azure.synapse.SqlPoolVulnerabilityAssessment("example", { * sqlPoolSecurityAlertPolicyId: exampleSqlPoolSecurityAlertPolicy.id, * storageContainerPath: pulumi.interpolate`${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/`, * storageAccountAccessKey: exampleAccount.primaryAccessKey, * recurringScans: { * enabled: true, * emails: [ * "email@example1.com", * "email@example2.com", * ], * }, * }); * ``` * * ## Import * * Synapse SQL Pool Vulnerability Assessment can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:synapse/sqlPoolVulnerabilityAssessment:SqlPoolVulnerabilityAssessment example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default * ``` */ export declare class SqlPoolVulnerabilityAssessment extends pulumi.CustomResource { /** * Get an existing SqlPoolVulnerabilityAssessment resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SqlPoolVulnerabilityAssessmentState, opts?: pulumi.CustomResourceOptions): SqlPoolVulnerabilityAssessment; /** * Returns true if the given object is an instance of SqlPoolVulnerabilityAssessment. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SqlPoolVulnerabilityAssessment; /** * The recurring scans settings. The `recurringScans` block supports fields documented below. */ readonly recurringScans: pulumi.Output; /** * The ID of the security alert policy of the Synapse SQL Pool. Changing this forces a new resource to be created. */ readonly sqlPoolSecurityAlertPolicyId: pulumi.Output; /** * Specifies the identifier key of the storage account for vulnerability assessment scan results. If `storageContainerSasKey` isn't specified, `storageAccountAccessKey` is required. */ readonly storageAccountAccessKey: pulumi.Output; /** * A blob storage container path to hold the scan results (e.g. ). */ readonly storageContainerPath: pulumi.Output; /** * A shared access signature (SAS Key) that has write access to the blob container specified in `storageContainerPath` parameter. If `storageAccountAccessKey` isn't specified, `storageContainerSasKey` is required. */ readonly storageContainerSasKey: pulumi.Output; /** * Create a SqlPoolVulnerabilityAssessment resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SqlPoolVulnerabilityAssessmentArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SqlPoolVulnerabilityAssessment resources. */ export interface SqlPoolVulnerabilityAssessmentState { /** * The recurring scans settings. The `recurringScans` block supports fields documented below. */ recurringScans?: pulumi.Input; /** * The ID of the security alert policy of the Synapse SQL Pool. Changing this forces a new resource to be created. */ sqlPoolSecurityAlertPolicyId?: pulumi.Input; /** * Specifies the identifier key of the storage account for vulnerability assessment scan results. If `storageContainerSasKey` isn't specified, `storageAccountAccessKey` is required. */ storageAccountAccessKey?: pulumi.Input; /** * A blob storage container path to hold the scan results (e.g. ). */ storageContainerPath?: pulumi.Input; /** * A shared access signature (SAS Key) that has write access to the blob container specified in `storageContainerPath` parameter. If `storageAccountAccessKey` isn't specified, `storageContainerSasKey` is required. */ storageContainerSasKey?: pulumi.Input; } /** * The set of arguments for constructing a SqlPoolVulnerabilityAssessment resource. */ export interface SqlPoolVulnerabilityAssessmentArgs { /** * The recurring scans settings. The `recurringScans` block supports fields documented below. */ recurringScans?: pulumi.Input; /** * The ID of the security alert policy of the Synapse SQL Pool. Changing this forces a new resource to be created. */ sqlPoolSecurityAlertPolicyId: pulumi.Input; /** * Specifies the identifier key of the storage account for vulnerability assessment scan results. If `storageContainerSasKey` isn't specified, `storageAccountAccessKey` is required. */ storageAccountAccessKey?: pulumi.Input; /** * A blob storage container path to hold the scan results (e.g. ). */ storageContainerPath: pulumi.Input; /** * A shared access signature (SAS Key) that has write access to the blob container specified in `storageContainerPath` parameter. If `storageAccountAccessKey` isn't specified, `storageContainerSasKey` is required. */ storageContainerSasKey?: pulumi.Input; }