import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Synapse Workspace. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "examplestorageacc", * resourceGroupName: example.name, * location: example.location, * accountTier: "Standard", * accountReplicationType: "LRS", * accountKind: "StorageV2", * isHnsEnabled: true, * }); * const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", { * name: "example", * storageAccountId: exampleAccount.id, * }); * const exampleWorkspace = new azure.synapse.Workspace("example", { * name: "example", * resourceGroupName: example.name, * location: example.location, * storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id, * sqlAdministratorLogin: "sqladminuser", * sqlAdministratorLoginPassword: "H@Sh1CoR3!", * identity: { * type: "SystemAssigned", * }, * tags: { * Env: "production", * }, * }); * ``` * * ### Creating A Workspace With Customer Managed Key And Azure AD Admin * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "examplestorageacc", * resourceGroupName: example.name, * location: example.location, * accountTier: "Standard", * accountReplicationType: "LRS", * accountKind: "StorageV2", * isHnsEnabled: true, * }); * const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", { * name: "example", * storageAccountId: exampleAccount.id, * }); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "example", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "standard", * purgeProtectionEnabled: true, * }); * const deployer = new azure.keyvault.AccessPolicy("deployer", { * keyVaultId: exampleKeyVault.id, * tenantId: current.then(current => current.tenantId), * objectId: current.then(current => current.objectId), * keyPermissions: [ * "Create", * "Get", * "Delete", * "Purge", * "GetRotationPolicy", * ], * }); * const exampleKey = new azure.keyvault.Key("example", { * name: "workspaceencryptionkey", * keyVaultId: exampleKeyVault.id, * keyType: "RSA", * keySize: 2048, * keyOpts: [ * "unwrapKey", * "wrapKey", * ], * }, { * dependsOn: [deployer], * }); * const exampleWorkspace = new azure.synapse.Workspace("example", { * name: "example", * resourceGroupName: example.name, * location: example.location, * storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id, * sqlAdministratorLogin: "sqladminuser", * sqlAdministratorLoginPassword: "H@Sh1CoR3!", * customerManagedKey: { * keyVersionlessId: exampleKey.versionlessId, * keyName: "enckey", * }, * identity: { * type: "SystemAssigned", * }, * tags: { * Env: "production", * }, * }); * const workspacePolicy = new azure.keyvault.AccessPolicy("workspace_policy", { * keyVaultId: exampleKeyVault.id, * tenantId: exampleWorkspace.identity.apply(identity => identity?.tenantId), * objectId: exampleWorkspace.identity.apply(identity => identity?.principalId), * keyPermissions: [ * "Get", * "WrapKey", * "UnwrapKey", * ], * }); * const exampleWorkspaceKey = new azure.synapse.WorkspaceKey("example", { * customerManagedKeyVersionlessId: exampleKey.versionlessId, * synapseWorkspaceId: exampleWorkspace.id, * active: true, * customerManagedKeyName: "enckey", * }, { * dependsOn: [workspacePolicy], * }); * const exampleWorkspaceAadAdmin = new azure.synapse.WorkspaceAadAdmin("example", { * synapseWorkspaceId: exampleWorkspace.id, * login: "AzureAD Admin", * objectId: "00000000-0000-0000-0000-000000000000", * tenantId: "00000000-0000-0000-0000-000000000000", * }, { * dependsOn: [exampleWorkspaceKey], * }); * ``` * * ## Import * * Synapse Workspace can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:synapse/workspace:Workspace example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1 * ``` */ export declare class Workspace extends pulumi.CustomResource { /** * Get an existing Workspace resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: WorkspaceState, opts?: pulumi.CustomResourceOptions): Workspace; /** * Returns true if the given object is an instance of Workspace. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Workspace; /** * An `azureDevopsRepo` block as defined below. */ readonly azureDevopsRepo: pulumi.Output; /** * Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to `false`. */ readonly azureadAuthenticationOnly: pulumi.Output; /** * Subnet ID used for computes in workspace Changing this forces a new resource to be created. */ readonly computeSubnetId: pulumi.Output; /** * A map of Connectivity endpoints for this Synapse Workspace. Possible key values are `dev`, `sql`, `sqlOnDemand`, and `web`. */ readonly connectivityEndpoints: pulumi.Output<{ [key: string]: string; }>; /** * A `customerManagedKey` block as defined below. */ readonly customerManagedKey: pulumi.Output; /** * Is data exfiltration protection enabled in this workspace? If set to `true`, `managedVirtualNetworkEnabled` must also be set to `true`. Changing this forces a new resource to be created. */ readonly dataExfiltrationProtectionEnabled: pulumi.Output; /** * A `githubRepo` block as defined below. */ readonly githubRepo: pulumi.Output; /** * An `identity` block as defined below. */ readonly identity: pulumi.Output; /** * Allowed AAD Tenant Ids For Linking. */ readonly linkingAllowedForAadTenantIds: pulumi.Output; /** * Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created. */ readonly location: pulumi.Output; /** * Workspace managed resource group. Changing this forces a new resource to be created. */ readonly managedResourceGroupName: pulumi.Output; /** * Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created. */ readonly managedVirtualNetworkEnabled: pulumi.Output; /** * Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * Whether public network access is allowed for the Cognitive Account. Defaults to `true`. */ readonly publicNetworkAccessEnabled: pulumi.Output; /** * The ID of purview account. */ readonly purviewId: pulumi.Output; /** * Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided `customerManagedKey` must be provided. */ readonly sqlAdministratorLogin: pulumi.Output; /** * The Password associated with the `sqlAdministratorLogin` for the SQL administrator. If this is not provided `customerManagedKey` must be provided. */ readonly sqlAdministratorLoginPassword: pulumi.Output; /** * Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools? */ readonly sqlIdentityControlEnabled: pulumi.Output; /** * Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created. */ readonly storageDataLakeGen2FilesystemId: pulumi.Output; /** * A mapping of tags which should be assigned to the Synapse Workspace. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Create a Workspace resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: WorkspaceArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Workspace resources. */ export interface WorkspaceState { /** * An `azureDevopsRepo` block as defined below. */ azureDevopsRepo?: pulumi.Input; /** * Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to `false`. */ azureadAuthenticationOnly?: pulumi.Input; /** * Subnet ID used for computes in workspace Changing this forces a new resource to be created. */ computeSubnetId?: pulumi.Input; /** * A map of Connectivity endpoints for this Synapse Workspace. Possible key values are `dev`, `sql`, `sqlOnDemand`, and `web`. */ connectivityEndpoints?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * A `customerManagedKey` block as defined below. */ customerManagedKey?: pulumi.Input; /** * Is data exfiltration protection enabled in this workspace? If set to `true`, `managedVirtualNetworkEnabled` must also be set to `true`. Changing this forces a new resource to be created. */ dataExfiltrationProtectionEnabled?: pulumi.Input; /** * A `githubRepo` block as defined below. */ githubRepo?: pulumi.Input; /** * An `identity` block as defined below. */ identity?: pulumi.Input; /** * Allowed AAD Tenant Ids For Linking. */ linkingAllowedForAadTenantIds?: pulumi.Input[]>; /** * Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * Workspace managed resource group. Changing this forces a new resource to be created. */ managedResourceGroupName?: pulumi.Input; /** * Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created. */ managedVirtualNetworkEnabled?: pulumi.Input; /** * Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Whether public network access is allowed for the Cognitive Account. Defaults to `true`. */ publicNetworkAccessEnabled?: pulumi.Input; /** * The ID of purview account. */ purviewId?: pulumi.Input; /** * Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided `customerManagedKey` must be provided. */ sqlAdministratorLogin?: pulumi.Input; /** * The Password associated with the `sqlAdministratorLogin` for the SQL administrator. If this is not provided `customerManagedKey` must be provided. */ sqlAdministratorLoginPassword?: pulumi.Input; /** * Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools? */ sqlIdentityControlEnabled?: pulumi.Input; /** * Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created. */ storageDataLakeGen2FilesystemId?: pulumi.Input; /** * A mapping of tags which should be assigned to the Synapse Workspace. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * The set of arguments for constructing a Workspace resource. */ export interface WorkspaceArgs { /** * An `azureDevopsRepo` block as defined below. */ azureDevopsRepo?: pulumi.Input; /** * Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to `false`. */ azureadAuthenticationOnly?: pulumi.Input; /** * Subnet ID used for computes in workspace Changing this forces a new resource to be created. */ computeSubnetId?: pulumi.Input; /** * A `customerManagedKey` block as defined below. */ customerManagedKey?: pulumi.Input; /** * Is data exfiltration protection enabled in this workspace? If set to `true`, `managedVirtualNetworkEnabled` must also be set to `true`. Changing this forces a new resource to be created. */ dataExfiltrationProtectionEnabled?: pulumi.Input; /** * A `githubRepo` block as defined below. */ githubRepo?: pulumi.Input; /** * An `identity` block as defined below. */ identity?: pulumi.Input; /** * Allowed AAD Tenant Ids For Linking. */ linkingAllowedForAadTenantIds?: pulumi.Input[]>; /** * Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * Workspace managed resource group. Changing this forces a new resource to be created. */ managedResourceGroupName?: pulumi.Input; /** * Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created. */ managedVirtualNetworkEnabled?: pulumi.Input; /** * Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Whether public network access is allowed for the Cognitive Account. Defaults to `true`. */ publicNetworkAccessEnabled?: pulumi.Input; /** * The ID of purview account. */ purviewId?: pulumi.Input; /** * Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided `customerManagedKey` must be provided. */ sqlAdministratorLogin?: pulumi.Input; /** * The Password associated with the `sqlAdministratorLogin` for the SQL administrator. If this is not provided `customerManagedKey` must be provided. */ sqlAdministratorLoginPassword?: pulumi.Input; /** * Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools? */ sqlIdentityControlEnabled?: pulumi.Input; /** * Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created. */ storageDataLakeGen2FilesystemId: pulumi.Input; /** * A mapping of tags which should be assigned to the Synapse Workspace. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }