Microsoft.MachineLearningServices workspaces/datastores 2022-06-01-preview

Bicep resource definition

The workspaces/datastores resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/datastores resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.MachineLearningServices/workspaces/datastores@2022-06-01-preview' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    credentials: {
      credentialsType: 'string'
      // For remaining properties, see DatastoreCredentials objects
    }
    description: 'string'
    properties: {
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
    }
    tags: {
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
      {customized property}: 'string'
    }
    datastoreType: 'string'
    // For remaining properties, see DatastoreProperties objects
  }
}

DatastoreProperties objects

Set the datastoreType property to specify the type of object.

For AzureBlob, use:

  datastoreType: 'AzureBlob'
  accountName: 'string'
  containerName: 'string'
  endpoint: 'string'
  protocol: 'string'
  resourceGroup: 'string'
  serviceDataAccessAuthIdentity: 'string'
  subscriptionId: 'string'

For AzureDataLakeGen1, use:

  datastoreType: 'AzureDataLakeGen1'
  resourceGroup: 'string'
  serviceDataAccessAuthIdentity: 'string'
  storeName: 'string'
  subscriptionId: 'string'

For AzureDataLakeGen2, use:

  datastoreType: 'AzureDataLakeGen2'
  accountName: 'string'
  endpoint: 'string'
  filesystem: 'string'
  protocol: 'string'
  resourceGroup: 'string'
  serviceDataAccessAuthIdentity: 'string'
  subscriptionId: 'string'

For AzureFile, use:

  datastoreType: 'AzureFile'
  accountName: 'string'
  endpoint: 'string'
  fileShareName: 'string'
  protocol: 'string'
  resourceGroup: 'string'
  serviceDataAccessAuthIdentity: 'string'
  subscriptionId: 'string'

For Hdfs, use:

  datastoreType: 'Hdfs'
  hdfsServerCertificate: 'string'
  nameNodeAddress: 'string'
  protocol: 'string'

DatastoreCredentials objects

Set the credentialsType property to specify the type of object.

For AccountKey, use:

  credentialsType: 'AccountKey'
  secrets: {
    key: 'string'
    secretsType: 'string'
  }

For Certificate, use:

  credentialsType: 'Certificate'
  authorityUrl: 'string'
  clientId: 'string'
  resourceUrl: 'string'
  secrets: {
    certificate: 'string'
    secretsType: 'string'
  }
  tenantId: 'string'
  thumbprint: 'string'

For KerberosKeytab, use:

  credentialsType: 'KerberosKeytab'
  kerberosKdcAddress: 'string'
  kerberosPrincipal: 'string'
  kerberosRealm: 'string'
  secrets: {
    kerberosKeytab: 'string'
    secretsType: 'string'
  }

For KerberosPassword, use:

  credentialsType: 'KerberosPassword'
  kerberosKdcAddress: 'string'
  kerberosPrincipal: 'string'
  kerberosRealm: 'string'
  secrets: {
    kerberosPassword: 'string'
    secretsType: 'string'
  }

For None, use:

  credentialsType: 'None'

For Sas, use:

  credentialsType: 'Sas'
  secrets: {
    sasToken: 'string'
    secretsType: 'string'
  }

For ServicePrincipal, use:

  credentialsType: 'ServicePrincipal'
  authorityUrl: 'string'
  clientId: 'string'
  resourceUrl: 'string'
  secrets: {
    clientSecret: 'string'
    secretsType: 'string'
  }
  tenantId: 'string'

Property values

workspaces/datastores

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)

Character limit: Maximum 255 characters for datastore name

Valid characters:
Datastore name consists only of lowercase letters, digits, and underscores.
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: workspaces
properties [Required] Additional attributes of the entity. DatastoreProperties (required)

DatastoreProperties

Name Description Value
credentials [Required] Account credentials. DatastoreCredentials (required)
description The asset description text. string
properties The asset property dictionary. ResourceBaseProperties
tags Tag dictionary. Tags can be added, removed, and updated. object
datastoreType Set the object type AzureBlob
AzureDataLakeGen1
AzureDataLakeGen2
AzureFile
Hdfs (required)

DatastoreCredentials

Name Description Value
credentialsType Set the object type AccountKey
Certificate
KerberosKeytab
KerberosPassword
None
Sas
ServicePrincipal (required)

AccountKeyDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'AccountKey' (required)
secrets [Required] Storage account secrets. AccountKeyDatastoreSecrets (required)

AccountKeyDatastoreSecrets

Name Description Value
key Storage account key. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

CertificateDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'Certificate' (required)
authorityUrl Authority URL used for authentication. string
clientId [Required] Service principal client ID. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
resourceUrl Resource the service principal has access to. string
secrets [Required] Service principal secrets. CertificateDatastoreSecrets (required)
tenantId [Required] ID of the tenant to which the service principal belongs. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
thumbprint [Required] Thumbprint of the certificate used for authentication. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]

CertificateDatastoreSecrets

Name Description Value
certificate Service principal certificate. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

KerberosKeytabCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'KerberosKeytab' (required)
kerberosKdcAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosPrincipal [Required] Kerberos Username string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosRealm [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
secrets [Required] Keytab secrets. KerberosKeytabSecrets (required)

KerberosKeytabSecrets

Name Description Value
kerberosKeytab Kerberos keytab secret. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

KerberosPasswordCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'KerberosPassword' (required)
kerberosKdcAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosPrincipal [Required] Kerberos Username string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosRealm [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
secrets [Required] Kerberos password secrets. KerberosPasswordSecrets (required)

KerberosPasswordSecrets

Name Description Value
kerberosPassword Kerberos password secret. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

NoneDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'None' (required)

SasDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'Sas' (required)
secrets [Required] Storage container secrets. SasDatastoreSecrets (required)

SasDatastoreSecrets

Name Description Value
sasToken Storage container SAS token. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

ServicePrincipalDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'ServicePrincipal' (required)
authorityUrl Authority URL used for authentication. string
clientId [Required] Service principal client ID. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
resourceUrl Resource the service principal has access to. string
secrets [Required] Service principal secrets. ServicePrincipalDatastoreSecrets (required)
tenantId [Required] ID of the tenant to which the service principal belongs. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$

ServicePrincipalDatastoreSecrets

Name Description Value
clientSecret Service principal secret. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

ResourceBaseProperties

Name Description Value
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string

AzureBlobDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureBlob' (required)
accountName Storage account name. string
containerName Storage account container name. string
endpoint Azure cloud endpoint for the storage account. string
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
subscriptionId Azure Subscription Id string

AzureDataLakeGen1Datastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureDataLakeGen1' (required)
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
storeName [Required] Azure Data Lake store name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
subscriptionId Azure Subscription Id string

AzureDataLakeGen2Datastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureDataLakeGen2' (required)
accountName [Required] Storage account name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
endpoint Azure cloud endpoint for the storage account. string
filesystem [Required] The name of the Data Lake Gen2 filesystem. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
subscriptionId Azure Subscription Id string

AzureFileDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureFile' (required)
accountName [Required] Storage account name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
endpoint Azure cloud endpoint for the storage account. string
fileShareName [Required] The name of the Azure file share that the datastore points to. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
subscriptionId Azure Subscription Id string

HdfsDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'Hdfs' (required)
hdfsServerCertificate The TLS cert of the HDFS server. Needs to be a base64 encoded string. Required if "Https" protocol is selected. string
nameNodeAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account (Https/Http). string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create AML workspace with multiple Datasets & Datastores

Deploy to Azure
This template creates Azure Machine Learning workspace with multiple datasets & datastores.
Create an Azure ADLS Datastore

Deploy to Azure
This template creates a ADLS datastore in Azure Machine Learning workspace.
Create an Azure ADLS Gen2 Datastore

Deploy to Azure
This template creates a ADLS Gen2 datastore in Azure Machine Learning workspace.
Create a Blob Storage Datastore

Deploy to Azure
This template creates a blob storage datastore in Azure Machine Learning workspace.
Create a Databricks File System Datastore

Deploy to Azure
This template creates a Databricks File System datastore in Azure Machine Learning workspace.
Create a File Share Datastore

Deploy to Azure
This template creates a file share datastore in Azure Machine Learning workspace.
Create an Azure MySQL Datastore

Deploy to Azure
This template creates a MySQL datastore in Azure Machine Learning workspace.
Create an Azure PostgreSQL Datastore

Deploy to Azure
This template creates a PostgreSQL datastore in Azure Machine Learning workspace.
Create an Azure SQL Datastore

Deploy to Azure
This template creates a SQL datastore in Azure Machine Learning workspace.

ARM template resource definition

The workspaces/datastores resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/datastores resource, add the following JSON to your template.

{
  "type": "Microsoft.MachineLearningServices/workspaces/datastores",
  "apiVersion": "2022-06-01-preview",
  "name": "string",
  "properties": {
    "credentials": {
      "credentialsType": "string"
      // For remaining properties, see DatastoreCredentials objects
    },
    "description": "string",
    "properties": {
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string"
    },
    "tags": {
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string",
      "{customized property}": "string"
    },
    "datastoreType": "string"
    // For remaining properties, see DatastoreProperties objects
  }
}

DatastoreProperties objects

Set the datastoreType property to specify the type of object.

For AzureBlob, use:

  "datastoreType": "AzureBlob",
  "accountName": "string",
  "containerName": "string",
  "endpoint": "string",
  "protocol": "string",
  "resourceGroup": "string",
  "serviceDataAccessAuthIdentity": "string",
  "subscriptionId": "string"

For AzureDataLakeGen1, use:

  "datastoreType": "AzureDataLakeGen1",
  "resourceGroup": "string",
  "serviceDataAccessAuthIdentity": "string",
  "storeName": "string",
  "subscriptionId": "string"

For AzureDataLakeGen2, use:

  "datastoreType": "AzureDataLakeGen2",
  "accountName": "string",
  "endpoint": "string",
  "filesystem": "string",
  "protocol": "string",
  "resourceGroup": "string",
  "serviceDataAccessAuthIdentity": "string",
  "subscriptionId": "string"

For AzureFile, use:

  "datastoreType": "AzureFile",
  "accountName": "string",
  "endpoint": "string",
  "fileShareName": "string",
  "protocol": "string",
  "resourceGroup": "string",
  "serviceDataAccessAuthIdentity": "string",
  "subscriptionId": "string"

For Hdfs, use:

  "datastoreType": "Hdfs",
  "hdfsServerCertificate": "string",
  "nameNodeAddress": "string",
  "protocol": "string"

DatastoreCredentials objects

Set the credentialsType property to specify the type of object.

For AccountKey, use:

  "credentialsType": "AccountKey",
  "secrets": {
    "key": "string",
    "secretsType": "string"
  }

For Certificate, use:

  "credentialsType": "Certificate",
  "authorityUrl": "string",
  "clientId": "string",
  "resourceUrl": "string",
  "secrets": {
    "certificate": "string",
    "secretsType": "string"
  },
  "tenantId": "string",
  "thumbprint": "string"

For KerberosKeytab, use:

  "credentialsType": "KerberosKeytab",
  "kerberosKdcAddress": "string",
  "kerberosPrincipal": "string",
  "kerberosRealm": "string",
  "secrets": {
    "kerberosKeytab": "string",
    "secretsType": "string"
  }

For KerberosPassword, use:

  "credentialsType": "KerberosPassword",
  "kerberosKdcAddress": "string",
  "kerberosPrincipal": "string",
  "kerberosRealm": "string",
  "secrets": {
    "kerberosPassword": "string",
    "secretsType": "string"
  }

For None, use:

  "credentialsType": "None"

For Sas, use:

  "credentialsType": "Sas",
  "secrets": {
    "sasToken": "string",
    "secretsType": "string"
  }

For ServicePrincipal, use:

  "credentialsType": "ServicePrincipal",
  "authorityUrl": "string",
  "clientId": "string",
  "resourceUrl": "string",
  "secrets": {
    "clientSecret": "string",
    "secretsType": "string"
  },
  "tenantId": "string"

Property values

workspaces/datastores

Name Description Value
type The resource type 'Microsoft.MachineLearningServices/workspaces/datastores'
apiVersion The resource api version '2022-06-01-preview'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)

Character limit: Maximum 255 characters for datastore name

Valid characters:
Datastore name consists only of lowercase letters, digits, and underscores.
properties [Required] Additional attributes of the entity. DatastoreProperties (required)

DatastoreProperties

Name Description Value
credentials [Required] Account credentials. DatastoreCredentials (required)
description The asset description text. string
properties The asset property dictionary. ResourceBaseProperties
tags Tag dictionary. Tags can be added, removed, and updated. object
datastoreType Set the object type AzureBlob
AzureDataLakeGen1
AzureDataLakeGen2
AzureFile
Hdfs (required)

DatastoreCredentials

Name Description Value
credentialsType Set the object type AccountKey
Certificate
KerberosKeytab
KerberosPassword
None
Sas
ServicePrincipal (required)

AccountKeyDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'AccountKey' (required)
secrets [Required] Storage account secrets. AccountKeyDatastoreSecrets (required)

AccountKeyDatastoreSecrets

Name Description Value
key Storage account key. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

CertificateDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'Certificate' (required)
authorityUrl Authority URL used for authentication. string
clientId [Required] Service principal client ID. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
resourceUrl Resource the service principal has access to. string
secrets [Required] Service principal secrets. CertificateDatastoreSecrets (required)
tenantId [Required] ID of the tenant to which the service principal belongs. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
thumbprint [Required] Thumbprint of the certificate used for authentication. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]

CertificateDatastoreSecrets

Name Description Value
certificate Service principal certificate. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

KerberosKeytabCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'KerberosKeytab' (required)
kerberosKdcAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosPrincipal [Required] Kerberos Username string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosRealm [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
secrets [Required] Keytab secrets. KerberosKeytabSecrets (required)

KerberosKeytabSecrets

Name Description Value
kerberosKeytab Kerberos keytab secret. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

KerberosPasswordCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'KerberosPassword' (required)
kerberosKdcAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosPrincipal [Required] Kerberos Username string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosRealm [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
secrets [Required] Kerberos password secrets. KerberosPasswordSecrets (required)

KerberosPasswordSecrets

Name Description Value
kerberosPassword Kerberos password secret. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

NoneDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'None' (required)

SasDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'Sas' (required)
secrets [Required] Storage container secrets. SasDatastoreSecrets (required)

SasDatastoreSecrets

Name Description Value
sasToken Storage container SAS token. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

ServicePrincipalDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. 'ServicePrincipal' (required)
authorityUrl Authority URL used for authentication. string
clientId [Required] Service principal client ID. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
resourceUrl Resource the service principal has access to. string
secrets [Required] Service principal secrets. ServicePrincipalDatastoreSecrets (required)
tenantId [Required] ID of the tenant to which the service principal belongs. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$

ServicePrincipalDatastoreSecrets

Name Description Value
clientSecret Service principal secret. string
secretsType [Required] Credential type used to authentication with storage. 'AccountKey'
'Certificate'
'KerberosKeytab'
'KerberosPassword'
'Sas'
'ServicePrincipal' (required)

ResourceBaseProperties

Name Description Value
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string

AzureBlobDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureBlob' (required)
accountName Storage account name. string
containerName Storage account container name. string
endpoint Azure cloud endpoint for the storage account. string
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
subscriptionId Azure Subscription Id string

AzureDataLakeGen1Datastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureDataLakeGen1' (required)
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
storeName [Required] Azure Data Lake store name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
subscriptionId Azure Subscription Id string

AzureDataLakeGen2Datastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureDataLakeGen2' (required)
accountName [Required] Storage account name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
endpoint Azure cloud endpoint for the storage account. string
filesystem [Required] The name of the Data Lake Gen2 filesystem. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
subscriptionId Azure Subscription Id string

AzureFileDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'AzureFile' (required)
accountName [Required] Storage account name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
endpoint Azure cloud endpoint for the storage account. string
fileShareName [Required] The name of the Azure file share that the datastore points to. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. 'None'
'WorkspaceSystemAssignedIdentity'
'WorkspaceUserAssignedIdentity'
subscriptionId Azure Subscription Id string

HdfsDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. 'Hdfs' (required)
hdfsServerCertificate The TLS cert of the HDFS server. Needs to be a base64 encoded string. Required if "Https" protocol is selected. string
nameNodeAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account (Https/Http). string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create AML workspace with multiple Datasets & Datastores

Deploy to Azure
This template creates Azure Machine Learning workspace with multiple datasets & datastores.
Create an Azure ADLS Datastore

Deploy to Azure
This template creates a ADLS datastore in Azure Machine Learning workspace.
Create an Azure ADLS Gen2 Datastore

Deploy to Azure
This template creates a ADLS Gen2 datastore in Azure Machine Learning workspace.
Create a Blob Storage Datastore

Deploy to Azure
This template creates a blob storage datastore in Azure Machine Learning workspace.
Create a Databricks File System Datastore

Deploy to Azure
This template creates a Databricks File System datastore in Azure Machine Learning workspace.
Create a File Share Datastore

Deploy to Azure
This template creates a file share datastore in Azure Machine Learning workspace.
Create an Azure MySQL Datastore

Deploy to Azure
This template creates a MySQL datastore in Azure Machine Learning workspace.
Create an Azure PostgreSQL Datastore

Deploy to Azure
This template creates a PostgreSQL datastore in Azure Machine Learning workspace.
Create an Azure SQL Datastore

Deploy to Azure
This template creates a SQL datastore in Azure Machine Learning workspace.

Terraform (AzAPI provider) resource definition

The workspaces/datastores resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/datastores resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.MachineLearningServices/workspaces/datastores@2022-06-01-preview"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      credentials = {
        credentialsType = "string"
        // For remaining properties, see DatastoreCredentials objects
      }
      description = "string"
      properties = {
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
      }
      tags = {
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
        {customized property} = "string"
      }
      datastoreType = "string"
      // For remaining properties, see DatastoreProperties objects
    }
  })
}

DatastoreProperties objects

Set the datastoreType property to specify the type of object.

For AzureBlob, use:

  datastoreType = "AzureBlob"
  accountName = "string"
  containerName = "string"
  endpoint = "string"
  protocol = "string"
  resourceGroup = "string"
  serviceDataAccessAuthIdentity = "string"
  subscriptionId = "string"

For AzureDataLakeGen1, use:

  datastoreType = "AzureDataLakeGen1"
  resourceGroup = "string"
  serviceDataAccessAuthIdentity = "string"
  storeName = "string"
  subscriptionId = "string"

For AzureDataLakeGen2, use:

  datastoreType = "AzureDataLakeGen2"
  accountName = "string"
  endpoint = "string"
  filesystem = "string"
  protocol = "string"
  resourceGroup = "string"
  serviceDataAccessAuthIdentity = "string"
  subscriptionId = "string"

For AzureFile, use:

  datastoreType = "AzureFile"
  accountName = "string"
  endpoint = "string"
  fileShareName = "string"
  protocol = "string"
  resourceGroup = "string"
  serviceDataAccessAuthIdentity = "string"
  subscriptionId = "string"

For Hdfs, use:

  datastoreType = "Hdfs"
  hdfsServerCertificate = "string"
  nameNodeAddress = "string"
  protocol = "string"

DatastoreCredentials objects

Set the credentialsType property to specify the type of object.

For AccountKey, use:

  credentialsType = "AccountKey"
  secrets = {
    key = "string"
    secretsType = "string"
  }

For Certificate, use:

  credentialsType = "Certificate"
  authorityUrl = "string"
  clientId = "string"
  resourceUrl = "string"
  secrets = {
    certificate = "string"
    secretsType = "string"
  }
  tenantId = "string"
  thumbprint = "string"

For KerberosKeytab, use:

  credentialsType = "KerberosKeytab"
  kerberosKdcAddress = "string"
  kerberosPrincipal = "string"
  kerberosRealm = "string"
  secrets = {
    kerberosKeytab = "string"
    secretsType = "string"
  }

For KerberosPassword, use:

  credentialsType = "KerberosPassword"
  kerberosKdcAddress = "string"
  kerberosPrincipal = "string"
  kerberosRealm = "string"
  secrets = {
    kerberosPassword = "string"
    secretsType = "string"
  }

For None, use:

  credentialsType = "None"

For Sas, use:

  credentialsType = "Sas"
  secrets = {
    sasToken = "string"
    secretsType = "string"
  }

For ServicePrincipal, use:

  credentialsType = "ServicePrincipal"
  authorityUrl = "string"
  clientId = "string"
  resourceUrl = "string"
  secrets = {
    clientSecret = "string"
    secretsType = "string"
  }
  tenantId = "string"

Property values

workspaces/datastores

Name Description Value
type The resource type "Microsoft.MachineLearningServices/workspaces/datastores@2022-06-01-preview"
name The resource name string (required)

Character limit: Maximum 255 characters for datastore name

Valid characters:
Datastore name consists only of lowercase letters, digits, and underscores.
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: workspaces
properties [Required] Additional attributes of the entity. DatastoreProperties (required)

DatastoreProperties

Name Description Value
credentials [Required] Account credentials. DatastoreCredentials (required)
description The asset description text. string
properties The asset property dictionary. ResourceBaseProperties
tags Tag dictionary. Tags can be added, removed, and updated. object
datastoreType Set the object type AzureBlob
AzureDataLakeGen1
AzureDataLakeGen2
AzureFile
Hdfs (required)

DatastoreCredentials

Name Description Value
credentialsType Set the object type AccountKey
Certificate
KerberosKeytab
KerberosPassword
None
Sas
ServicePrincipal (required)

AccountKeyDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. "AccountKey" (required)
secrets [Required] Storage account secrets. AccountKeyDatastoreSecrets (required)

AccountKeyDatastoreSecrets

Name Description Value
key Storage account key. string
secretsType [Required] Credential type used to authentication with storage. "AccountKey"
"Certificate"
"KerberosKeytab"
"KerberosPassword"
"Sas"
"ServicePrincipal" (required)

CertificateDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. "Certificate" (required)
authorityUrl Authority URL used for authentication. string
clientId [Required] Service principal client ID. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
resourceUrl Resource the service principal has access to. string
secrets [Required] Service principal secrets. CertificateDatastoreSecrets (required)
tenantId [Required] ID of the tenant to which the service principal belongs. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
thumbprint [Required] Thumbprint of the certificate used for authentication. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]

CertificateDatastoreSecrets

Name Description Value
certificate Service principal certificate. string
secretsType [Required] Credential type used to authentication with storage. "AccountKey"
"Certificate"
"KerberosKeytab"
"KerberosPassword"
"Sas"
"ServicePrincipal" (required)

KerberosKeytabCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. "KerberosKeytab" (required)
kerberosKdcAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosPrincipal [Required] Kerberos Username string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosRealm [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
secrets [Required] Keytab secrets. KerberosKeytabSecrets (required)

KerberosKeytabSecrets

Name Description Value
kerberosKeytab Kerberos keytab secret. string
secretsType [Required] Credential type used to authentication with storage. "AccountKey"
"Certificate"
"KerberosKeytab"
"KerberosPassword"
"Sas"
"ServicePrincipal" (required)

KerberosPasswordCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. "KerberosPassword" (required)
kerberosKdcAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosPrincipal [Required] Kerberos Username string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
kerberosRealm [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
secrets [Required] Kerberos password secrets. KerberosPasswordSecrets (required)

KerberosPasswordSecrets

Name Description Value
kerberosPassword Kerberos password secret. string
secretsType [Required] Credential type used to authentication with storage. "AccountKey"
"Certificate"
"KerberosKeytab"
"KerberosPassword"
"Sas"
"ServicePrincipal" (required)

NoneDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. "None" (required)

SasDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. "Sas" (required)
secrets [Required] Storage container secrets. SasDatastoreSecrets (required)

SasDatastoreSecrets

Name Description Value
sasToken Storage container SAS token. string
secretsType [Required] Credential type used to authentication with storage. "AccountKey"
"Certificate"
"KerberosKeytab"
"KerberosPassword"
"Sas"
"ServicePrincipal" (required)

ServicePrincipalDatastoreCredentials

Name Description Value
credentialsType [Required] Credential type used to authentication with storage. "ServicePrincipal" (required)
authorityUrl Authority URL used for authentication. string
clientId [Required] Service principal client ID. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
resourceUrl Resource the service principal has access to. string
secrets [Required] Service principal secrets. ServicePrincipalDatastoreSecrets (required)
tenantId [Required] ID of the tenant to which the service principal belongs. string (required)

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$

ServicePrincipalDatastoreSecrets

Name Description Value
clientSecret Service principal secret. string
secretsType [Required] Credential type used to authentication with storage. "AccountKey"
"Certificate"
"KerberosKeytab"
"KerberosPassword"
"Sas"
"ServicePrincipal" (required)

ResourceBaseProperties

Name Description Value
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string
{customized property} string

AzureBlobDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. "AzureBlob" (required)
accountName Storage account name. string
containerName Storage account container name. string
endpoint Azure cloud endpoint for the storage account. string
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. "None"
"WorkspaceSystemAssignedIdentity"
"WorkspaceUserAssignedIdentity"
subscriptionId Azure Subscription Id string

AzureDataLakeGen1Datastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. "AzureDataLakeGen1" (required)
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. "None"
"WorkspaceSystemAssignedIdentity"
"WorkspaceUserAssignedIdentity"
storeName [Required] Azure Data Lake store name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
subscriptionId Azure Subscription Id string

AzureDataLakeGen2Datastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. "AzureDataLakeGen2" (required)
accountName [Required] Storage account name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
endpoint Azure cloud endpoint for the storage account. string
filesystem [Required] The name of the Data Lake Gen2 filesystem. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. "None"
"WorkspaceSystemAssignedIdentity"
"WorkspaceUserAssignedIdentity"
subscriptionId Azure Subscription Id string

AzureFileDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. "AzureFile" (required)
accountName [Required] Storage account name. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
endpoint Azure cloud endpoint for the storage account. string
fileShareName [Required] The name of the Azure file share that the datastore points to. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account. string
resourceGroup Azure Resource Group name string
serviceDataAccessAuthIdentity Indicates which identity to use to authenticate service data access to customer's storage. "None"
"WorkspaceSystemAssignedIdentity"
"WorkspaceUserAssignedIdentity"
subscriptionId Azure Subscription Id string

HdfsDatastore

Name Description Value
datastoreType [Required] Storage type backing the datastore. "Hdfs" (required)
hdfsServerCertificate The TLS cert of the HDFS server. Needs to be a base64 encoded string. Required if "Https" protocol is selected. string
nameNodeAddress [Required] IP Address or DNS HostName. string (required)

Constraints:
Pattern = [a-zA-Z0-9_]
protocol Protocol used to communicate with the storage account (Https/Http). string