
Add capability to enable vulnerability assessments for Azure Synapse SQL Pools #13276

Merged
20 changes: 20 additions & 0 deletions internal/services/synapse/client/client.go
@@ -15,10 +15,14 @@ type Client struct {
PrivateLinkHubsClient *synapse.PrivateLinkHubsClient
SparkPoolClient *synapse.BigDataPoolsClient
SqlPoolClient *synapse.SQLPoolsClient
SqlPoolSecurityAlertPolicyClient *synapse.SQLPoolSecurityAlertPoliciesClient
SqlPoolTransparentDataEncryptionClient *synapse.SQLPoolTransparentDataEncryptionsClient
SqlPoolVulnerabilityAssessmentsClient *synapse.SQLPoolVulnerabilityAssessmentsClient
WorkspaceClient *synapse.WorkspacesClient
WorkspaceAadAdminsClient *synapse.WorkspaceAadAdminsClient
WorkspaceManagedIdentitySQLControlSettingsClient *synapse.WorkspaceManagedIdentitySQLControlSettingsClient
WorkspaceSecurityAlertPolicyClient *synapse.WorkspaceManagedSQLServerSecurityAlertPolicyClient
WorkspaceVulnerabilityAssessmentsClient *synapse.WorkspaceManagedSQLServerVulnerabilityAssessmentsClient

synapseAuthorizer autorest.Authorizer
}
@@ -37,9 +41,15 @@ func NewClient(o *common.ClientOptions) *Client {
sqlPoolClient := synapse.NewSQLPoolsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&sqlPoolClient.Client, o.ResourceManagerAuthorizer)

sqlPoolSecurityAlertPolicyClient := synapse.NewSQLPoolSecurityAlertPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&sqlPoolSecurityAlertPolicyClient.Client, o.ResourceManagerAuthorizer)

sqlPoolTransparentDataEncryptionClient := synapse.NewSQLPoolTransparentDataEncryptionsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&sqlPoolTransparentDataEncryptionClient.Client, o.ResourceManagerAuthorizer)

sqlPoolVulnerabilityAssessmentsClient := synapse.NewSQLPoolVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&sqlPoolVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer)

workspaceClient := synapse.NewWorkspacesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&workspaceClient.Client, o.ResourceManagerAuthorizer)

@@ -49,15 +59,25 @@ func NewClient(o *common.ClientOptions) *Client {
workspaceManagedIdentitySQLControlSettingsClient := synapse.NewWorkspaceManagedIdentitySQLControlSettingsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&workspaceManagedIdentitySQLControlSettingsClient.Client, o.ResourceManagerAuthorizer)

workspaceSecurityAlertPolicyClient := synapse.NewWorkspaceManagedSQLServerSecurityAlertPolicyClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&workspaceSecurityAlertPolicyClient.Client, o.ResourceManagerAuthorizer)

workspaceVulnerabilityAssessmentsClient := synapse.NewWorkspaceManagedSQLServerVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&workspaceVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer)

return &Client{
FirewallRulesClient: &firewallRuleClient,
PrivateLinkHubsClient: &privateLinkHubsClient,
SparkPoolClient: &sparkPoolClient,
SqlPoolClient: &sqlPoolClient,
SqlPoolSecurityAlertPolicyClient: &sqlPoolSecurityAlertPolicyClient,
SqlPoolTransparentDataEncryptionClient: &sqlPoolTransparentDataEncryptionClient,
SqlPoolVulnerabilityAssessmentsClient: &sqlPoolVulnerabilityAssessmentsClient,
WorkspaceClient: &workspaceClient,
WorkspaceAadAdminsClient: &workspaceAadAdminsClient,
WorkspaceManagedIdentitySQLControlSettingsClient: &workspaceManagedIdentitySQLControlSettingsClient,
WorkspaceSecurityAlertPolicyClient: &workspaceSecurityAlertPolicyClient,
WorkspaceVulnerabilityAssessmentsClient: &workspaceVulnerabilityAssessmentsClient,

synapseAuthorizer: o.SynapseAuthorizer,
}
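Review bot: Nothing in `NewClient` or on the `Client` struct says why the security-alert-policy and vulnerability-assessment clients are built with `o.ResourceManagerEndpoint` and `o.ResourceManagerAuthorizer` while the struct also carries a separate `synapseAuthorizer`, so a later edit could wire one of them to the wrong credential without anyone noticing. A short comment above the new constructors would pin this down, for example `// Security alert policy and vulnerability assessment settings are managed through Azure Resource Manager, so these clients use ResourceManagerAuthorizer rather than SynapseAuthorizer.` The field names also mix singular and plural (`SqlPoolSecurityAlertPolicyClient` wraps `SQLPoolSecurityAlertPoliciesClient`, while `SqlPoolVulnerabilityAssessmentsClient` keeps the plural); picking one form would make the set easier to scan. `NewClient` begins and ends outside the visible hunks.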
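--- a/internal/services/synapse/parse/sql_pool_security_alert_policy.go
+++ b/internal/services/synapse/parse/sql_pool_security_alert_policy.go
@@ -0,0 +1,81 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+"fmt"
+"strings"
+
+"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
+)
+
+type SqlPoolSecurityAlertPolicyId struct {
+SubscriptionId string
+ResourceGroup string
+WorkspaceName string
+SqlPoolName string
+SecurityAlertPolicyName string
+}
+
+func NewSqlPoolSecurityAlertPolicyID(subscriptionId, resourceGroup, workspaceName, sqlPoolName, securityAlertPolicyName string) SqlPoolSecurityAlertPolicyId {
+return SqlPoolSecurityAlertPolicyId{
+SubscriptionId: subscriptionId,
+ResourceGroup: resourceGroup,
+WorkspaceName: workspaceName,
+SqlPoolName: sqlPoolName,
+SecurityAlertPolicyName: securityAlertPolicyName,
+}
+}
+
+func (id SqlPoolSecurityAlertPolicyId) String() string {
+segments := []string{
+fmt.Sprintf("Security Alert Policy Name %q", id.SecurityAlertPolicyName),
+fmt.Sprintf("Sql Pool Name %q", id.SqlPoolName),
+fmt.Sprintf("Workspace Name %q", id.WorkspaceName),
+fmt.Sprintf("Resource Group %q", id.ResourceGroup),
+}
+segmentsStr := strings.Join(segments, " / ")
+return fmt.Sprintf("%s: (%s)", "Sql Pool Security Alert Policy", segmentsStr)
+}
+
+func (id SqlPoolSecurityAlertPolicyId) ID() string {
+fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Synapse/workspaces/%s/sqlPools/%s/securityAlertPolicies/%s"
+return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.SecurityAlertPolicyName)
+}
+
+// SqlPoolSecurityAlertPolicyID parses a SqlPoolSecurityAlertPolicy ID into an SqlPoolSecurityAlertPolicyId struct
+func SqlPoolSecurityAlertPolicyID(input string) (*SqlPoolSecurityAlertPolicyId, error) {
+id, err := azure.ParseAzureResourceID(input)
+if err != nil {
+return nil, err
+}
+
+resourceId := SqlPoolSecurityAlertPolicyId{
+SubscriptionId: id.SubscriptionID,
+ResourceGroup: id.ResourceGroup,
+}
+
+if resourceId.SubscriptionId == "" {
+return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
+}
+
+if resourceId.ResourceGroup == "" {
+return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
+}
+
+if resourceId.WorkspaceName, err = id.PopSegment("workspaces"); err != nil {
+return nil, err
+}
+if resourceId.SqlPoolName, err = id.PopSegment("sqlPools"); err != nil {
+return nil, err
+}
+if resourceId.SecurityAlertPolicyName, err = id.PopSegment("securityAlertPolicies"); err != nil {
+return nil, err
+}
+
+if err := id.ValidateNoEmptySegments(input); err != nil {
+return nil, err
+}
+
+return &resourceId, nil
+}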
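--- a/internal/services/synapse/parse/sql_pool_security_alert_policy_test.go
+++ b/internal/services/synapse/parse/sql_pool_security_alert_policy_test.go
@@ -0,0 +1,144 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+"testing"
+
+"github.com/hashicorp/terraform-provider-azurerm/internal/resourceid"
+)
+
+var _ resourceid.Formatter = SqlPoolSecurityAlertPolicyId{}
+
+func TestSqlPoolSecurityAlertPolicyIDFormatter(t *testing.T) {
+actual := NewSqlPoolSecurityAlertPolicyID("12345678-1234-9876-4563-123456789012", "resGroup1", "workspace1", "sqlPool1", "Default").ID()
+expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/Default"
+if actual != expected {
+t.Fatalf("Expected %q but got %q", expected, actual)
+}
+}
+
+func TestSqlPoolSecurityAlertPolicyID(t *testing.T) {
+testData := []struct {
+Input string
+Error bool
+Expected *SqlPoolSecurityAlertPolicyId
+}{
+
+{
+// empty
+Input: "",
+Error: true,
+},
+
+{
+// missing SubscriptionId
+Input: "/",
+Error: true,
+},
+
+{
+// missing value for SubscriptionId
+Input: "/subscriptions/",
+Error: true,
+},
+
+{
+// missing ResourceGroup
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/",
+Error: true,
+},
+
+{
+// missing value for ResourceGroup
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/",
+Error: true,
+},
+
+{
+// missing WorkspaceName
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/",
+Error: true,
+},
+
+{
+// missing value for WorkspaceName
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/",
+Error: true,
+},
+
+{
+// missing SqlPoolName
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/",
+Error: true,
+},
+
+{
+// missing value for SqlPoolName
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/",
+Error: true,
+},
+
+{
+// missing SecurityAlertPolicyName
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/",
+Error: true,
+},
+
+{
+// missing value for SecurityAlertPolicyName
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/",
+Error: true,
+},
+
+{
+// valid
+Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/Default",
+Expected: &SqlPoolSecurityAlertPolicyId{
+SubscriptionId: "12345678-1234-9876-4563-123456789012",
+ResourceGroup: "resGroup1",
+WorkspaceName: "workspace1",
+SqlPoolName: "sqlPool1",
+SecurityAlertPolicyName: "Default",
+},
+},
+
+{
+// upper-cased
+Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.SYNAPSE/WORKSPACES/WORKSPACE1/SQLPOOLS/SQLPOOL1/SECURITYALERTPOLICIES/DEFAULT",
+Error: true,
+},
+}
+
+for _, v := range testData {
+t.Logf("[DEBUG] Testing %q", v.Input)
+
+actual, err := SqlPoolSecurityAlertPolicyID(v.Input)
+if err != nil {
+if v.Error {
+continue
+}
+
+t.Fatalf("Expect a value but got an error: %s", err)
+}
+if v.Error {
+t.Fatal("Expect an error but didn't get one")
+}
+
+if actual.SubscriptionId != v.Expected.SubscriptionId {
+t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId)
+}
+if actual.ResourceGroup != v.Expected.ResourceGroup {
+t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup)
+}
+if actual.WorkspaceName != v.Expected.WorkspaceName {
+t.Fatalf("Expected %q but got %q for WorkspaceName", v.Expected.WorkspaceName, actual.WorkspaceName)
+}
+if actual.SqlPoolName != v.Expected.SqlPoolName {
+t.Fatalf("Expected %q but got %q for SqlPoolName", v.Expected.SqlPoolName, actual.SqlPoolName)
+}
+if actual.SecurityAlertPolicyName != v.Expected.SecurityAlertPolicyName {
+t.Fatalf("Expected %q but got %q for SecurityAlertPolicyName", v.Expected.SecurityAlertPolicyName, actual.SecurityAlertPolicyName)
+}
+}
+}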
@@ -0,0 +1,81 @@
package parse

// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten

import (
"fmt"
"strings"

"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
)

type SqlPoolVulnerabilityAssessmentId struct {
SubscriptionId string
ResourceGroup string
WorkspaceName string
SqlPoolName string
VulnerabilityAssessmentName string
}

func NewSqlPoolVulnerabilityAssessmentID(subscriptionId, resourceGroup, workspaceName, sqlPoolName, vulnerabilityAssessmentName string) SqlPoolVulnerabilityAssessmentId {
return SqlPoolVulnerabilityAssessmentId{
SubscriptionId: subscriptionId,
ResourceGroup: resourceGroup,
WorkspaceName: workspaceName,
SqlPoolName: sqlPoolName,
VulnerabilityAssessmentName: vulnerabilityAssessmentName,
}
}

func (id SqlPoolVulnerabilityAssessmentId) String() string {
segments := []string{
fmt.Sprintf("Vulnerability Assessment Name %q", id.VulnerabilityAssessmentName),
fmt.Sprintf("Sql Pool Name %q", id.SqlPoolName),
fmt.Sprintf("Workspace Name %q", id.WorkspaceName),
fmt.Sprintf("Resource Group %q", id.ResourceGroup),
}
segmentsStr := strings.Join(segments, " / ")
return fmt.Sprintf("%s: (%s)", "Sql Pool Vulnerability Assessment", segmentsStr)
}

func (id SqlPoolVulnerabilityAssessmentId) ID() string {
fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Synapse/workspaces/%s/sqlPools/%s/vulnerabilityAssessments/%s"
return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.VulnerabilityAssessmentName)
}

// SqlPoolVulnerabilityAssessmentID parses a SqlPoolVulnerabilityAssessment ID into an SqlPoolVulnerabilityAssessmentId struct
func SqlPoolVulnerabilityAssessmentID(input string) (*SqlPoolVulnerabilityAssessmentId, error) {
id, err := azure.ParseAzureResourceID(input)
if err != nil {
return nil, err
}

resourceId := SqlPoolVulnerabilityAssessmentId{
SubscriptionId: id.SubscriptionID,
ResourceGroup: id.ResourceGroup,
}

if resourceId.SubscriptionId == "" {
return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
}

if resourceId.ResourceGroup == "" {
return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
}

if resourceId.WorkspaceName, err = id.PopSegment("workspaces"); err != nil {
return nil, err
}
if resourceId.SqlPoolName, err = id.PopSegment("sqlPools"); err != nil {
return nil, err
}
if resourceId.VulnerabilityAssessmentName, err = id.PopSegment("vulnerabilityAssessments"); err != nil {
return nil, err
}

if err := id.ValidateNoEmptySegments(input); err != nil {
return nil, err
}

return &resourceId, nil
}