From 334c01130be100060128dfc4b1d58b25814ace50 Mon Sep 17 00:00:00 2001
From: ms-henglu <79895375+ms-henglu@users.noreply.github.com>
Date: Fri, 22 Oct 2021 05:20:05 +0800
Subject: [PATCH] new resource "azurerm_synapse_sql_pool_vulnerability_assessment_baseline" (#13744)
---
internal/services/synapse/client/client.go | 73 +++---
..._pool_vulnerability_assessment_baseline.go | 93 ++++++++
..._vulnerability_assessment_baseline_test.go | 176 ++++++++++++++
internal/services/synapse/registration.go | 35 +--
internal/services/synapse/resourceids.go | 1 +
...nerability_assessment_baseline_resource.go | 188 +++++++++++++++
...ility_assessment_baseline_resource_test.go | 221 ++++++++++++++++++
...ol_vulnerability_assessment_baseline_id.go | 23 ++
...lnerability_assessment_baseline_id_test.go | 124 ++++++++++
...rability_assessment_baseline.html.markdown | 137 +++++++++++
10 files changed, 1020 insertions(+), 51 deletions(-)
create mode 100644 internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline.go
create mode 100644 internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline_test.go
create mode 100644 internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource.go
create mode 100644 internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource_test.go
create mode 100644 internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id.go
create mode 100644 internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id_test.go
create mode 100644 website/docs/r/synapse_sql_pool_vulnerability_assessment_baseline.html.markdown
diff --git a/internal/services/synapse/client/client.go b/internal/services/synapse/client/client.go
index c839bf899be9..2de3884c1526 100644
--- a/internal/services/synapse/client/client.go
+++ b/internal/services/synapse/client/client.go
@@ -12,23 +12,24 @@ import ( ) type Client struct { - FirewallRulesClient *synapse.IPFirewallRulesClient - IntegrationRuntimeAuthKeysClient *synapse.IntegrationRuntimeAuthKeysClient - IntegrationRuntimesClient *synapse.IntegrationRuntimesClient - KeysClient *synapse.KeysClient - PrivateLinkHubsClient *synapse.PrivateLinkHubsClient - SparkPoolClient *synapse.BigDataPoolsClient - SqlPoolClient *synapse.SQLPoolsClient - SqlPoolExtendedBlobAuditingPoliciesClient *synapse.ExtendedSQLPoolBlobAuditingPoliciesClient - SqlPoolSecurityAlertPolicyClient *synapse.SQLPoolSecurityAlertPoliciesClient - SqlPoolTransparentDataEncryptionClient *synapse.SQLPoolTransparentDataEncryptionsClient - SqlPoolVulnerabilityAssessmentsClient *synapse.SQLPoolVulnerabilityAssessmentsClient - WorkspaceAadAdminsClient *synapse.WorkspaceAadAdminsClient - WorkspaceClient *synapse.WorkspacesClient - WorkspaceExtendedBlobAuditingPoliciesClient *synapse.WorkspaceManagedSQLServerExtendedBlobAuditingPoliciesClient - WorkspaceManagedIdentitySQLControlSettingsClient *synapse.WorkspaceManagedIdentitySQLControlSettingsClient - WorkspaceSecurityAlertPolicyClient *synapse.WorkspaceManagedSQLServerSecurityAlertPolicyClient - WorkspaceVulnerabilityAssessmentsClient *synapse.WorkspaceManagedSQLServerVulnerabilityAssessmentsClient + FirewallRulesClient *synapse.IPFirewallRulesClient + IntegrationRuntimeAuthKeysClient *synapse.IntegrationRuntimeAuthKeysClient + IntegrationRuntimesClient *synapse.IntegrationRuntimesClient + KeysClient *synapse.KeysClient + PrivateLinkHubsClient *synapse.PrivateLinkHubsClient + SparkPoolClient *synapse.BigDataPoolsClient + SqlPoolClient *synapse.SQLPoolsClient + SqlPoolExtendedBlobAuditingPoliciesClient *synapse.ExtendedSQLPoolBlobAuditingPoliciesClient + SqlPoolSecurityAlertPolicyClient *synapse.SQLPoolSecurityAlertPoliciesClient + SqlPoolTransparentDataEncryptionClient *synapse.SQLPoolTransparentDataEncryptionsClient + SqlPoolVulnerabilityAssessmentsClient 
*synapse.SQLPoolVulnerabilityAssessmentsClient + SQLPoolVulnerabilityAssessmentRuleBaselinesClient *synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient + WorkspaceAadAdminsClient *synapse.WorkspaceAadAdminsClient + WorkspaceClient *synapse.WorkspacesClient + WorkspaceExtendedBlobAuditingPoliciesClient *synapse.WorkspaceManagedSQLServerExtendedBlobAuditingPoliciesClient + WorkspaceManagedIdentitySQLControlSettingsClient *synapse.WorkspaceManagedIdentitySQLControlSettingsClient + WorkspaceSecurityAlertPolicyClient *synapse.WorkspaceManagedSQLServerSecurityAlertPolicyClient + WorkspaceVulnerabilityAssessmentsClient *synapse.WorkspaceManagedSQLServerVulnerabilityAssessmentsClient synapseAuthorizer autorest.Authorizer } @@ -68,6 +69,9 @@ func NewClient(o *common.ClientOptions) *Client { sqlPoolVulnerabilityAssessmentsClient := synapse.NewSQLPoolVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&sqlPoolVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer) + sqlPoolVulnerabilityAssessmentRuleBaselinesClient := synapse.NewSQLPoolVulnerabilityAssessmentRuleBaselinesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) + o.ConfigureClient(&sqlPoolVulnerabilityAssessmentRuleBaselinesClient.Client, o.ResourceManagerAuthorizer) + workspaceAadAdminsClient := synapse.NewWorkspaceAadAdminsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&workspaceAadAdminsClient.Client, o.ResourceManagerAuthorizer) 
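Review bot: The new `Client` field `SQLPoolVulnerabilityAssessmentRuleBaselinesClient` is spelled `SQLPool…` while every neighbouring field in the struct (`SqlPoolClient`, `SqlPoolSecurityAlertPolicyClient`, `SqlPoolVulnerabilityAssessmentsClient`) uses `SqlPool…`, so the one added name breaks the file's own convention. The same spelling is repeated in the `return &Client{…}` literal of the later hunk at -87,23 and at the call sites in the new resource file. I would declare it as `SqlPoolVulnerabilityAssessmentRuleBaselinesClient *synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient` and rename the uses to match. Both the struct and `NewClient` extend outside these hunks.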
@@ -87,23 +91,24 @@ func NewClient(o *common.ClientOptions) *Client { o.ConfigureClient(&workspaceVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer) return &Client{ - FirewallRulesClient: &firewallRuleClient, - IntegrationRuntimeAuthKeysClient: &integrationRuntimeAuthKeysClient, - IntegrationRuntimesClient: &integrationRuntimesClient, - KeysClient: &keysClient, - PrivateLinkHubsClient: &privateLinkHubsClient, - SparkPoolClient: &sparkPoolClient, - SqlPoolClient: &sqlPoolClient, - SqlPoolExtendedBlobAuditingPoliciesClient: &sqlPoolExtendedBlobAuditingPoliciesClient, - SqlPoolSecurityAlertPolicyClient: &sqlPoolSecurityAlertPolicyClient, - SqlPoolTransparentDataEncryptionClient: &sqlPoolTransparentDataEncryptionClient, - SqlPoolVulnerabilityAssessmentsClient: &sqlPoolVulnerabilityAssessmentsClient, - WorkspaceAadAdminsClient: &workspaceAadAdminsClient, - WorkspaceClient: &workspaceClient, - WorkspaceExtendedBlobAuditingPoliciesClient: &workspaceExtendedBlobAuditingPoliciesClient, - WorkspaceManagedIdentitySQLControlSettingsClient: &workspaceManagedIdentitySQLControlSettingsClient, - WorkspaceSecurityAlertPolicyClient: &workspaceSecurityAlertPolicyClient, - WorkspaceVulnerabilityAssessmentsClient: &workspaceVulnerabilityAssessmentsClient, + FirewallRulesClient: &firewallRuleClient, + IntegrationRuntimeAuthKeysClient: &integrationRuntimeAuthKeysClient, + IntegrationRuntimesClient: &integrationRuntimesClient, + KeysClient: &keysClient, + PrivateLinkHubsClient: &privateLinkHubsClient, + SparkPoolClient: &sparkPoolClient, + SqlPoolClient: &sqlPoolClient, + SqlPoolExtendedBlobAuditingPoliciesClient: &sqlPoolExtendedBlobAuditingPoliciesClient, + SqlPoolSecurityAlertPolicyClient: &sqlPoolSecurityAlertPolicyClient, + SqlPoolTransparentDataEncryptionClient: &sqlPoolTransparentDataEncryptionClient, + SqlPoolVulnerabilityAssessmentsClient: &sqlPoolVulnerabilityAssessmentsClient, + SQLPoolVulnerabilityAssessmentRuleBaselinesClient: 
&sqlPoolVulnerabilityAssessmentRuleBaselinesClient, + WorkspaceAadAdminsClient: &workspaceAadAdminsClient, + WorkspaceClient: &workspaceClient, + WorkspaceExtendedBlobAuditingPoliciesClient: &workspaceExtendedBlobAuditingPoliciesClient, + WorkspaceManagedIdentitySQLControlSettingsClient: &workspaceManagedIdentitySQLControlSettingsClient, + WorkspaceSecurityAlertPolicyClient: &workspaceSecurityAlertPolicyClient, + WorkspaceVulnerabilityAssessmentsClient: &workspaceVulnerabilityAssessmentsClient, synapseAuthorizer: o.SynapseAuthorizer, } diff --git a/internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline.go b/internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline.go new file mode 100644 index 000000000000..273fa412c37a --- /dev/null +++ b/internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline.go 
@@ -0,0 +1,93 @@ +package parse + +// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten + +import ( + "fmt" + "strings" + + "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" +) + +type SqlPoolVulnerabilityAssessmentBaselineId struct { + SubscriptionId string + ResourceGroup string + WorkspaceName string + SqlPoolName string + VulnerabilityAssessmentName string + RuleName string + BaselineName string +} + +func NewSqlPoolVulnerabilityAssessmentBaselineID(subscriptionId, resourceGroup, workspaceName, sqlPoolName, vulnerabilityAssessmentName, ruleName, baselineName string) SqlPoolVulnerabilityAssessmentBaselineId { + return SqlPoolVulnerabilityAssessmentBaselineId{ + SubscriptionId: subscriptionId, + ResourceGroup: resourceGroup, + WorkspaceName: workspaceName, + SqlPoolName: sqlPoolName, + VulnerabilityAssessmentName: vulnerabilityAssessmentName, + RuleName: ruleName, + BaselineName: baselineName, + } +} + +func (id SqlPoolVulnerabilityAssessmentBaselineId) String() string { + segments := []string{ + fmt.Sprintf("Baseline Name %q", id.BaselineName), + fmt.Sprintf("Rule Name %q", id.RuleName), + fmt.Sprintf("Vulnerability Assessment Name %q", id.VulnerabilityAssessmentName), + fmt.Sprintf("Sql Pool Name %q", id.SqlPoolName), + fmt.Sprintf("Workspace Name %q", id.WorkspaceName), + fmt.Sprintf("Resource Group %q", id.ResourceGroup), + } + segmentsStr := strings.Join(segments, " / ") + return fmt.Sprintf("%s: (%s)", "Sql Pool Vulnerability Assessment Baseline", segmentsStr) +} + +func (id SqlPoolVulnerabilityAssessmentBaselineId) ID() string { + fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Synapse/workspaces/%s/sqlPools/%s/vulnerabilityAssessments/%s/rules/%s/baselines/%s" + return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.VulnerabilityAssessmentName, id.RuleName, id.BaselineName) +} + +// SqlPoolVulnerabilityAssessmentBaselineID parses a 
SqlPoolVulnerabilityAssessmentBaseline ID into an SqlPoolVulnerabilityAssessmentBaselineId struct +func SqlPoolVulnerabilityAssessmentBaselineID(input string) (*SqlPoolVulnerabilityAssessmentBaselineId, error) { + id, err := azure.ParseAzureResourceID(input) + if err != nil { + return nil, err + } + + resourceId := SqlPoolVulnerabilityAssessmentBaselineId{ + SubscriptionId: id.SubscriptionID, + ResourceGroup: id.ResourceGroup, + } + + if resourceId.SubscriptionId == "" { + return nil, fmt.Errorf("ID was missing the 'subscriptions' element") + } + + if resourceId.ResourceGroup == "" { + return nil, fmt.Errorf("ID was missing the 'resourceGroups' element") + } + + if resourceId.WorkspaceName, err = id.PopSegment("workspaces"); err != nil { + return nil, err + } + if resourceId.SqlPoolName, err = id.PopSegment("sqlPools"); err != nil { + return nil, err + } + if resourceId.VulnerabilityAssessmentName, err = id.PopSegment("vulnerabilityAssessments"); err != nil { + return nil, err + } + if resourceId.RuleName, err = id.PopSegment("rules"); err != nil { + return nil, err + } + if resourceId.BaselineName, err = id.PopSegment("baselines"); err != nil { + return nil, err + } + + if err := id.ValidateNoEmptySegments(input); err != nil { + return nil, err + } + + return &resourceId, nil +} diff --git a/internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline_test.go b/internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline_test.go new file mode 100644 index 000000000000..7f6e75b83cda --- /dev/null +++ b/internal/services/synapse/parse/sql_pool_vulnerability_assessment_baseline_test.go 
@@ -0,0 +1,176 @@ +package parse + +// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten + +import ( + "testing" + + "github.com/hashicorp/terraform-provider-azurerm/internal/resourceid" +) + +var _ resourceid.Formatter = SqlPoolVulnerabilityAssessmentBaselineId{} + +func TestSqlPoolVulnerabilityAssessmentBaselineIDFormatter(t *testing.T) { + actual := NewSqlPoolVulnerabilityAssessmentBaselineID("12345678-1234-9876-4563-123456789012", "resGroup1", "workspace1", "sqlPool1", "default", "rule1", "baseline1").ID() + expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1" + if actual != expected { + t.Fatalf("Expected %q but got %q", expected, actual) + } +} + +func TestSqlPoolVulnerabilityAssessmentBaselineID(t *testing.T) { + testData := []struct { + Input string + Error bool + Expected *SqlPoolVulnerabilityAssessmentBaselineId + }{ + + { + // empty + Input: "", + Error: true, + }, + + { + // missing SubscriptionId + Input: "/", + Error: true, + }, + + { + // missing value for SubscriptionId + Input: "/subscriptions/", + Error: true, + }, + + { + // missing ResourceGroup + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/", + Error: true, + }, + + { + // missing value for ResourceGroup + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/", + Error: true, + }, + + { + // missing WorkspaceName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/", + Error: true, + }, + + { + // missing value for WorkspaceName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/", + Error: true, + }, + + { + // missing SqlPoolName + Input: 
"/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/", + Error: true, + }, + + { + // missing value for SqlPoolName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/", + Error: true, + }, + + { + // missing VulnerabilityAssessmentName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/", + Error: true, + }, + + { + // missing value for VulnerabilityAssessmentName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/", + Error: true, + }, + + { + // missing RuleName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/", + Error: true, + }, + + { + // missing value for RuleName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/", + Error: true, + }, + + { + // missing BaselineName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/", + Error: true, + }, + + { + // missing value for BaselineName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/", + Error: true, + }, + + { + // valid + Input: 
"/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1", + Expected: &SqlPoolVulnerabilityAssessmentBaselineId{ + SubscriptionId: "12345678-1234-9876-4563-123456789012", + ResourceGroup: "resGroup1", + WorkspaceName: "workspace1", + SqlPoolName: "sqlPool1", + VulnerabilityAssessmentName: "default", + RuleName: "rule1", + BaselineName: "baseline1", + }, + }, + + { + // upper-cased + Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.SYNAPSE/WORKSPACES/WORKSPACE1/SQLPOOLS/SQLPOOL1/VULNERABILITYASSESSMENTS/DEFAULT/RULES/RULE1/BASELINES/BASELINE1", + Error: true, + }, + } + + for _, v := range testData { + t.Logf("[DEBUG] Testing %q", v.Input) + + actual, err := SqlPoolVulnerabilityAssessmentBaselineID(v.Input) + if err != nil { + if v.Error { + continue + } + + t.Fatalf("Expect a value but got an error: %s", err) + } + if v.Error { + t.Fatal("Expect an error but didn't get one") + } + + if actual.SubscriptionId != v.Expected.SubscriptionId { + t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId) + } + if actual.ResourceGroup != v.Expected.ResourceGroup { + t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup) + } + if actual.WorkspaceName != v.Expected.WorkspaceName { + t.Fatalf("Expected %q but got %q for WorkspaceName", v.Expected.WorkspaceName, actual.WorkspaceName) + } + if actual.SqlPoolName != v.Expected.SqlPoolName { + t.Fatalf("Expected %q but got %q for SqlPoolName", v.Expected.SqlPoolName, actual.SqlPoolName) + } + if actual.VulnerabilityAssessmentName != v.Expected.VulnerabilityAssessmentName { + t.Fatalf("Expected %q but got %q for VulnerabilityAssessmentName", v.Expected.VulnerabilityAssessmentName, actual.VulnerabilityAssessmentName) + } + if 
actual.RuleName != v.Expected.RuleName { + t.Fatalf("Expected %q but got %q for RuleName", v.Expected.RuleName, actual.RuleName) + } + if actual.BaselineName != v.Expected.BaselineName { + t.Fatalf("Expected %q but got %q for BaselineName", v.Expected.BaselineName, actual.BaselineName) + } + } +} diff --git a/internal/services/synapse/registration.go b/internal/services/synapse/registration.go index 9e53ac603159..0871409283d7 100644 --- a/internal/services/synapse/registration.go +++ b/internal/services/synapse/registration.go 
@@ -26,22 +26,23 @@ func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource { // SupportedResources returns the supported Resources supported by this Service func (r Registration) SupportedResources() map[string]*pluginsdk.Resource { return map[string]*pluginsdk.Resource{ - "azurerm_synapse_firewall_rule": resourceSynapseFirewallRule(), - "azurerm_synapse_integration_runtime_azure": resourceSynapseIntegrationRuntimeAzure(), - "azurerm_synapse_integration_runtime_self_hosted": resourceSynapseIntegrationRuntimeSelfHosted(), - "azurerm_synapse_linked_service": resourceSynapseLinkedService(), - "azurerm_synapse_managed_private_endpoint": resourceSynapseManagedPrivateEndpoint(), - "azurerm_synapse_private_link_hub": resourceSynapsePrivateLinkHub(), - "azurerm_synapse_role_assignment": resourceSynapseRoleAssignment(), - "azurerm_synapse_spark_pool": resourceSynapseSparkPool(), - "azurerm_synapse_sql_pool": resourceSynapseSqlPool(), - "azurerm_synapse_sql_pool_extended_auditing_policy": resourceSynapseSqlPoolExtendedAuditingPolicy(), - "azurerm_synapse_sql_pool_security_alert_policy": resourceSynapseSqlPoolSecurityAlertPolicy(), - "azurerm_synapse_sql_pool_vulnerability_assessment": resourceSynapseSqlPoolVulnerabilityAssessment(), - "azurerm_synapse_workspace": resourceSynapseWorkspace(), - "azurerm_synapse_workspace_extended_auditing_policy": resourceSynapseWorkspaceExtendedAuditingPolicy(), - "azurerm_synapse_workspace_key": resourceSynapseWorkspaceKey(), - "azurerm_synapse_workspace_security_alert_policy": resourceSynapseWorkspaceSecurityAlertPolicy(), - "azurerm_synapse_workspace_vulnerability_assessment": resourceSynapseWorkspaceVulnerabilityAssessment(), + "azurerm_synapse_firewall_rule": resourceSynapseFirewallRule(), + "azurerm_synapse_integration_runtime_azure": resourceSynapseIntegrationRuntimeAzure(), + "azurerm_synapse_integration_runtime_self_hosted": resourceSynapseIntegrationRuntimeSelfHosted(), + "azurerm_synapse_linked_service": 
resourceSynapseLinkedService(), + "azurerm_synapse_managed_private_endpoint": resourceSynapseManagedPrivateEndpoint(), + "azurerm_synapse_private_link_hub": resourceSynapsePrivateLinkHub(), + "azurerm_synapse_role_assignment": resourceSynapseRoleAssignment(), + "azurerm_synapse_spark_pool": resourceSynapseSparkPool(), + "azurerm_synapse_sql_pool": resourceSynapseSqlPool(), + "azurerm_synapse_sql_pool_extended_auditing_policy": resourceSynapseSqlPoolExtendedAuditingPolicy(), + "azurerm_synapse_sql_pool_security_alert_policy": resourceSynapseSqlPoolSecurityAlertPolicy(), + "azurerm_synapse_sql_pool_vulnerability_assessment": resourceSynapseSqlPoolVulnerabilityAssessment(), + "azurerm_synapse_sql_pool_vulnerability_assessment_baseline": resourceSynapseSqlPoolVulnerabilityAssessmentBaseline(), + "azurerm_synapse_workspace": resourceSynapseWorkspace(), + "azurerm_synapse_workspace_extended_auditing_policy": resourceSynapseWorkspaceExtendedAuditingPolicy(), + "azurerm_synapse_workspace_key": resourceSynapseWorkspaceKey(), + "azurerm_synapse_workspace_security_alert_policy": resourceSynapseWorkspaceSecurityAlertPolicy(), + "azurerm_synapse_workspace_vulnerability_assessment": resourceSynapseWorkspaceVulnerabilityAssessment(), } } diff --git a/internal/services/synapse/resourceids.go b/internal/services/synapse/resourceids.go index d8dba7132f34..310a27831bb4 100644 --- a/internal/services/synapse/resourceids.go +++ b/internal/services/synapse/resourceids.go 
@@ -11,6 +11,7 @@ package synapse //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=SqlPoolExtendedAuditingPolicy -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/extendedAuditingSettings/default //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=SqlPoolSecurityAlertPolicy -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/Default //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=SqlPoolVulnerabilityAssessment -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default +//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=SqlPoolVulnerabilityAssessmentBaseline -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=Workspace -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=WorkspaceExtendedAuditingPolicy -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/extendedAuditingSettings/default //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=WorkspaceKeys -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/keys/key1 
diff --git a/internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource.go b/internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource.go new file mode 100644 index 000000000000..d675dce258b3 --- /dev/null +++ b/internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource.go 
@@ -0,0 +1,188 @@ +package synapse + +import ( + "fmt" + "log" + "time" + + "github.com/Azure/azure-sdk-for-go/services/synapse/mgmt/2021-03-01/synapse" + "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" + "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/synapse/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/synapse/validate" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" + "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" + "github.com/hashicorp/terraform-provider-azurerm/utils" +) + +func resourceSynapseSqlPoolVulnerabilityAssessmentBaseline() *pluginsdk.Resource { + return &pluginsdk.Resource{ + Create: resourceSynapseSqlPoolVulnerabilityAssessmentBaselineCreateUpdate, + Read: resourceSynapseSqlPoolVulnerabilityAssessmentBaselineRead, + Update: resourceSynapseSqlPoolVulnerabilityAssessmentBaselineCreateUpdate, + Delete: resourceSynapseSqlPoolVulnerabilityAssessmentBaselineDelete, + + Timeouts: &pluginsdk.ResourceTimeout{ + Create: pluginsdk.DefaultTimeout(30 * time.Minute), + Read: pluginsdk.DefaultTimeout(5 * time.Minute), + Update: pluginsdk.DefaultTimeout(30 * time.Minute), + Delete: pluginsdk.DefaultTimeout(30 * time.Minute), + }, + + Importer: pluginsdk.ImporterValidatingResourceId(func(id string) error { + _, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(id) + return err + }), + + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "sql_pool_vulnerability_assessment_id": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validate.SqlPoolVulnerabilityAssessmentID, + }, + + "rule_name": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: 
validation.StringIsNotEmpty, + }, + + "baseline": { + Type: pluginsdk.TypeList, + Optional: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "result": { + Type: pluginsdk.TypeList, + Required: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + }, + }, + }, + }, + } +} + +func resourceSynapseSqlPoolVulnerabilityAssessmentBaselineCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient + ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) + defer cancel() + + vulnerabilityAssessmentId, err := parse.SqlPoolVulnerabilityAssessmentID(d.Get("sql_pool_vulnerability_assessment_id").(string)) + if err != nil { + return err + } + + id := parse.NewSqlPoolVulnerabilityAssessmentBaselineID(vulnerabilityAssessmentId.SubscriptionId, vulnerabilityAssessmentId.ResourceGroup, + vulnerabilityAssessmentId.WorkspaceName, vulnerabilityAssessmentId.SqlPoolName, vulnerabilityAssessmentId.VulnerabilityAssessmentName, d.Get("rule_name").(string), d.Get("name").(string)) + + if d.IsNewResource() { + existing, err := client.Get(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName)) + if err != nil { + if !utils.ResponseWasNotFound(existing.Response) { + return fmt.Errorf("checking for existing %s: %+v", id, err) + } + } + if !utils.ResponseWasNotFound(existing.Response) { + return tf.ImportAsExistsError("azurerm_synapse_sql_pool_vulnerability_assessment_baseline", id.ID()) + } + } + + parameters := synapse.SQLPoolVulnerabilityAssessmentRuleBaseline{ + SQLPoolVulnerabilityAssessmentRuleBaselineProperties: &synapse.SQLPoolVulnerabilityAssessmentRuleBaselineProperties{ + BaselineResults: expandSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(d.Get("baseline").([]interface{})), + }, + } + if 
_, err := client.CreateOrUpdate(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName), parameters); err != nil { + return fmt.Errorf("creating/updating %s: %+v", id, err) + } + + d.SetId(id.ID()) + + return resourceSynapseSqlPoolVulnerabilityAssessmentBaselineRead(d, meta) +} + +func resourceSynapseSqlPoolVulnerabilityAssessmentBaselineRead(d *pluginsdk.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient + ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) + defer cancel() + + id, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(d.Id()) + if err != nil { + return err + } + + resp, err := client.Get(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName)) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[INFO] synapse %s does not exist - removing from state", id) + d.SetId("") + return nil + } + + return fmt.Errorf("retrieving %s: %+v", id, err) + } + + d.Set("name", id.BaselineName) + d.Set("rule_name", id.RuleName) + d.Set("sql_pool_vulnerability_assessment_id", parse.NewSqlPoolVulnerabilityAssessmentID(id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.VulnerabilityAssessmentName).ID()) + if props := resp.SQLPoolVulnerabilityAssessmentRuleBaselineProperties; props != nil { + if err := d.Set("baseline", flattenSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(props.BaselineResults)); err != nil { + return fmt.Errorf("setting `baseline`: %+v", err) + } + } + return nil +} + +func resourceSynapseSqlPoolVulnerabilityAssessmentBaselineDelete(d *pluginsdk.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient + ctx, cancel := 
timeouts.ForDelete(meta.(*clients.Client).StopContext, d) + defer cancel() + + id, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(d.Id()) + if err != nil { + return err + } + + if _, err = client.Delete(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName)); err != nil { + return fmt.Errorf("deleting %s: %+v", id, err) + } + + return nil +} + +func expandSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(input []interface{}) *[]synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem { + results := make([]synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem, 0) + for _, item := range input { + v := item.(map[string]interface{}) + results = append(results, synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem{ + Result: utils.ExpandStringSlice(v["result"].([]interface{})), + }) + } + return &results +} + +func flattenSQLPoolVulnerabilityAssessmentRuleBaselineSQLPoolVulnerabilityAssessmentRuleBaselineItemArray(input *[]synapse.SQLPoolVulnerabilityAssessmentRuleBaselineItem) []interface{} { + results := make([]interface{}, 0) + if input == nil { + return results + } + + for _, item := range *input { + results = append(results, map[string]interface{}{ + "result": utils.FlattenStringSlice(item.Result), + }) + } + return results +} diff --git a/internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource_test.go b/internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource_test.go new file mode 100644 index 000000000000..e679b3f6f87c --- /dev/null +++ b/internal/services/synapse/synapse_sql_pool_vulnerability_assessment_baseline_resource_test.go 
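Review bot: `name` and `rule_name` are both folded into the resource ID by `parse.NewSqlPoolVulnerabilityAssessmentBaselineID(...)` in `resourceSynapseSqlPoolVulnerabilityAssessmentBaselineCreateUpdate`, but neither schema entry is marked `ForceNew`, so changing either one takes the Update path, which calls `CreateOrUpdate` under the new rule/baseline name and then `d.SetId(id.ID())` without ever deleting the old object. The previous baseline would then presumably remain in Azure outside Terraform's state, and a leftover baseline keeps its accepted results in force for the old rule, which is exactly the kind of silent drift a vulnerability-assessment owner needs to avoid. Add `ForceNew: true,` to both the `name` and `rule_name` entries, as `sql_pool_vulnerability_assessment_id` already has. Separately, `name` is only checked with `validation.StringIsNotEmpty` yet is cast to `synapse.VulnerabilityAssessmentPolicyBaselineName`; if that SDK type is a closed set of values, validating against it at plan time would be clearer than a failed API call.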
@@ -0,0 +1,221 @@
+package synapse_test
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/Azure/azure-sdk-for-go/services/synapse/mgmt/2021-03-01/synapse"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/services/synapse/parse"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+ "github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+type SynapseSqlPoolVulnerabilityAssessmentBaselineResource struct{}
+
+func TestAccSynapseSqlPoolVulnerabilityAssessmentBaseline_basic(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_synapse_sql_pool_vulnerability_assessment_baseline", "test")
+ r := SynapseSqlPoolVulnerabilityAssessmentBaselineResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.basic(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
+func TestAccSynapseSqlPoolVulnerabilityAssessmentBaseline_requiresImport(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_synapse_sql_pool_vulnerability_assessment_baseline", "test")
+ r := SynapseSqlPoolVulnerabilityAssessmentBaselineResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.basic(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.RequiresImportErrorStep(r.requiresImport),
+ })
+}
+
+func TestAccSynapseSqlPoolVulnerabilityAssessmentBaseline_complete(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_synapse_sql_pool_vulnerability_assessment_baseline", "test")
+ r := SynapseSqlPoolVulnerabilityAssessmentBaselineResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.complete(data),
+ Check:
acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
+func TestAccSynapseSqlPoolVulnerabilityAssessmentBaseline_update(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_synapse_sql_pool_vulnerability_assessment_baseline", "test")
+ r := SynapseSqlPoolVulnerabilityAssessmentBaselineResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.basic(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ {
+ Config: r.complete(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ {
+ Config: r.basic(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
+func (SynapseSqlPoolVulnerabilityAssessmentBaselineResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
+ id, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(state.ID)
+ if err != nil {
+ return nil, err
+ }
+
+ resp, err := client.Synapse.SQLPoolVulnerabilityAssessmentRuleBaselinesClient.Get(ctx, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.RuleName, synapse.VulnerabilityAssessmentPolicyBaselineName(id.BaselineName))
+ if err != nil {
+ if utils.ResponseWasNotFound(resp.Response) {
+ return utils.Bool(false), nil
+ }
+ return nil, fmt.Errorf("retrieving %s: %+v", id, err)
+ }
+
+ return utils.Bool(resp.ID != nil), nil
+}
+
+func (r SynapseSqlPoolVulnerabilityAssessmentBaselineResource) basic(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_synapse_sql_pool_vulnerability_assessment_baseline" "test" {
+ name = "%s"
+ rule_name = "VA1017"
+ sql_pool_vulnerability_assessment_id = azurerm_synapse_sql_pool_vulnerability_assessment.test.id
+}
+`, r.template(data), data.RandomString)
+}
+
+func (r SynapseSqlPoolVulnerabilityAssessmentBaselineResource) requiresImport(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_synapse_sql_pool_vulnerability_assessment_baseline" "import" {
+ name = azurerm_synapse_sql_pool_vulnerability_assessment_baseline.test.name
+ rule_name = azurerm_synapse_sql_pool_vulnerability_assessment_baseline.test.rule_name
+ sql_pool_vulnerability_assessment_id = azurerm_synapse_sql_pool_vulnerability_assessment_baseline.test.sql_pool_vulnerability_assessment_id
+}
+`, r.basic(data))
+}
+
+func (r SynapseSqlPoolVulnerabilityAssessmentBaselineResource) complete(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_synapse_sql_pool_vulnerability_assessment_baseline" "test" {
+ name = "%s"
+ rule_name = "VA1017"
+ sql_pool_vulnerability_assessment_id = azurerm_synapse_sql_pool_vulnerability_assessment.test.id
+ baseline {
+ result = ["userA", "SELECT"]
+ }
+ baseline {
+ result = ["userB", "SELECT"]
+ }
+}
+`, r.template(data), data.RandomString)
+}
+
+func (SynapseSqlPoolVulnerabilityAssessmentBaselineResource) template(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-synapse-%[1]d"
+ location = "%[2]s"
+}
+
+resource "azurerm_storage_account" "sw" {
+ name = "acctestsa%[3]ssw"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ account_kind = "BlobStorage"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_data_lake_gen2_filesystem" "test" {
+ name = "acctest-%[1]d"
+ storage_account_id = azurerm_storage_account.sw.id
+}
+
+resource "azurerm_synapse_workspace" "test" {
+ name = "acctestsw%[1]d"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ storage_data_lake_gen2_filesystem_id =
azurerm_storage_data_lake_gen2_filesystem.test.id
+ sql_administrator_login = "sqladminuser"
+ sql_administrator_login_password = "H@Sh1CoR3!"
+}
+
+resource "azurerm_synapse_sql_pool" "test" {
+ name = "acctestsp%[3]s"
+ synapse_workspace_id = azurerm_synapse_workspace.test.id
+ sku_name = "DW100c"
+ create_mode = "Default"
+}
+
+resource "azurerm_storage_account" "test" {
+ name = "acctestsa%[3]s"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ account_kind = "BlobStorage"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_container" "test" {
+ name = "acctestsc%[1]d"
+ storage_account_name = azurerm_storage_account.test.name
+ container_access_type = "private"
+}
+
+resource "azurerm_synapse_sql_pool_security_alert_policy" "test" {
+ sql_pool_id = azurerm_synapse_sql_pool.test.id
+ policy_state = "Enabled"
+ storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint
+ storage_account_access_key = azurerm_storage_account.test.primary_access_key
+}
+
+resource "azurerm_synapse_sql_pool_vulnerability_assessment" "test" {
+ sql_pool_security_alert_policy_id = azurerm_synapse_sql_pool_security_alert_policy.test.id
+ storage_container_path = "${azurerm_storage_account.test.primary_blob_endpoint}${azurerm_storage_container.test.name}/"
+ storage_account_access_key = azurerm_storage_account.test.primary_access_key
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString)
+}
diff --git a/internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id.go b/internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id.go
new file mode 100644
index 000000000000..20038e452d94
--- /dev/null
+++ b/internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id.go
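Review bot: The `template` config fixes the workspace's SQL administrator password to the literal `"H@Sh1CoR3!"`, so every acceptance run creates a real Synapse workspace whose admin credential is a constant published in the repository. The template declares no firewall rule, so how reachable the SQL endpoint is during a run depends on service defaults that are not visible here, but a per-run value is cheap: `sql_administrator_login_password = "H@Sh1CoR3!%[3]s"` reuses the `data.RandomString` argument already passed to `fmt.Sprintf`. The same literal appears in the documentation example added by this commit, where readers are likely to copy it as-is; a variable reference would be a safer pattern to show there.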
@@ -0,0 +1,23 @@ +package validate + +// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten + +import ( + "fmt" + + "github.com/hashicorp/terraform-provider-azurerm/internal/services/synapse/parse" +) + +func SqlPoolVulnerabilityAssessmentBaselineID(input interface{}, key string) (warnings []string, errors []error) { + v, ok := input.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected %q to be a string", key)) + return + } + + if _, err := parse.SqlPoolVulnerabilityAssessmentBaselineID(v); err != nil { + errors = append(errors, err) + } + + return +} diff --git a/internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id_test.go b/internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id_test.go new file mode 100644 index 000000000000..28669cc50111 --- /dev/null +++ b/internal/services/synapse/validate/sql_pool_vulnerability_assessment_baseline_id_test.go 
@@ -0,0 +1,124 @@ +package validate + +// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten + +import "testing" + +func TestSqlPoolVulnerabilityAssessmentBaselineID(t *testing.T) { + cases := []struct { + Input string + Valid bool + }{ + + { + // empty + Input: "", + Valid: false, + }, + + { + // missing SubscriptionId + Input: "/", + Valid: false, + }, + + { + // missing value for SubscriptionId + Input: "/subscriptions/", + Valid: false, + }, + + { + // missing ResourceGroup + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/", + Valid: false, + }, + + { + // missing value for ResourceGroup + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/", + Valid: false, + }, + + { + // missing WorkspaceName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/", + Valid: false, + }, + + { + // missing value for WorkspaceName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/", + Valid: false, + }, + + { + // missing SqlPoolName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/", + Valid: false, + }, + + { + // missing value for SqlPoolName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/", + Valid: false, + }, + + { + // missing VulnerabilityAssessmentName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/", + Valid: false, + }, + + { + // missing value for VulnerabilityAssessmentName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/", + Valid: false, + 
}, + + { + // missing RuleName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/", + Valid: false, + }, + + { + // missing value for RuleName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/", + Valid: false, + }, + + { + // missing BaselineName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/", + Valid: false, + }, + + { + // missing value for BaselineName + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/", + Valid: false, + }, + + { + // valid + Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1", + Valid: true, + }, + + { + // upper-cased + Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.SYNAPSE/WORKSPACES/WORKSPACE1/SQLPOOLS/SQLPOOL1/VULNERABILITYASSESSMENTS/DEFAULT/RULES/RULE1/BASELINES/BASELINE1", + Valid: false, + }, + } + for _, tc := range cases { + t.Logf("[DEBUG] Testing Value %s", tc.Input) + _, errors := SqlPoolVulnerabilityAssessmentBaselineID(tc.Input, "test") + valid := len(errors) == 0 + + if tc.Valid != valid { + t.Fatalf("Expected %t but got %t", tc.Valid, valid) + } + } +} 
diff --git a/website/docs/r/synapse_sql_pool_vulnerability_assessment_baseline.html.markdown b/website/docs/r/synapse_sql_pool_vulnerability_assessment_baseline.html.markdown
new file mode 100644
index 000000000000..f8a7aba336ce
--- /dev/null
+++ b/website/docs/r/synapse_sql_pool_vulnerability_assessment_baseline.html.markdown
@@ -0,0 +1,137 @@
+---
+subcategory: "Synapse"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_synapse_sql_pool_vulnerability_assessment_baseline"
+description: |-
+ Manages a Vulnerability Assessment Rule Baseline for Synapse SQL Pool.
+---
+
+# azurerm_synapse_sql_pool_vulnerability_assessment_baseline
+
+Manages a Synapse SQL Pool Vulnerability Assessment Rule Baseline.
+
+## Example Usage
+
+```hcl
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "example" {
+ name = "example"
+ location = "west europe"
+}
+
+resource "azurerm_storage_account" "example" {
+ name = "example"
+ resource_group_name = azurerm_resource_group.example.name
+ location = azurerm_resource_group.example.location
+ account_kind = "BlobStorage"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
+ name = "example"
+ storage_account_id = azurerm_storage_account.example.id
+}
+
+resource "azurerm_synapse_workspace" "example" {
+ name = "example"
+ resource_group_name = azurerm_resource_group.example.name
+ location = azurerm_resource_group.example.location
+ storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
+ sql_administrator_login = "sqladminuser"
+ sql_administrator_login_password = "H@Sh1CoR3!"
+}
+
+resource "azurerm_synapse_sql_pool" "example" {
+ name = "example"
+ synapse_workspace_id = azurerm_synapse_workspace.example.id
+ sku_name = "DW100c"
+ create_mode = "Default"
+}
+
+resource "azurerm_storage_account" "example" {
+ name = "example"
+ resource_group_name = azurerm_resource_group.example.name
+ location = azurerm_resource_group.example.location
+ account_kind = "BlobStorage"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_container" "example" {
+ name = "example"
+ storage_account_name = azurerm_storage_account.example.name
+ container_access_type = "private"
+}
+
+resource "azurerm_synapse_sql_pool_security_alert_policy" "example" {
+ sql_pool_id = azurerm_synapse_sql_pool.example.id
+ policy_state = "Enabled"
+ storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
+ storage_account_access_key = azurerm_storage_account.example.primary_access_key
+}
+
+resource "azurerm_synapse_sql_pool_vulnerability_assessment" "example" {
+ sql_pool_security_alert_policy_id = azurerm_synapse_sql_pool_security_alert_policy.example.id
+ storage_container_path = "${azurerm_storage_account.example.primary_blob_endpoint}${azurerm_storage_container.example.name}/"
+ storage_account_access_key = azurerm_storage_account.example.primary_access_key
+}
+
+resource "azurerm_synapse_sql_pool_vulnerability_assessment_baseline" "example" {
+ name = "default"
+ rule_name = "VA1017"
+ sql_pool_vulnerability_assessment_id = azurerm_synapse_sql_pool_vulnerability_assessment.test.id
+ baseline {
+ result = ["userA", "SELECT"]
+ }
+ baseline {
+ result = ["userB", "SELECT"]
+ }
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name which should be used for this Synapse SQL Pool Vulnerability Assessment Rule Baseline.
+
+* `rule_name` - (Required) The ID of the vulnerability assessment rule.
+
+* `sql_pool_vulnerability_assessment_id` - (Required) The ID of the Synapse SQL Pool Vulnerability Assessment. Changing this forces a new Synapse SQL Pool Vulnerability Assessment Rule Baseline to be created.
+
+---
+
+* `baseline` - (Optional) One or more `baseline` blocks as defined below.
+
+---
+
+A `baseline` block supports the following:
+
+* `result` - (Required) Specifies a list of rule baseline result.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `create` - (Defaults to 30 minutes) Used when creating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
+* `read` - (Defaults to 5 minutes) Used when retrieving the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
+* `update` - (Defaults to 30 minutes) Used when updating the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
+* `delete` - (Defaults to 30 minutes) Used when deleting the Synapse SQL Pool Vulnerability Assessment Rule Baseline.
+
+## Import
+
+Synapse SQL Pool Vulnerability Assessment Rule Baselines can be imported using the `resource id`, e.g.
+
+```shell
+terraform import azurerm_synapse_sql_pool_vulnerability_assessment_baseline.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/default/rules/rule1/baselines/baseline1
+```