Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The workspaces/sqlPools/vulnerabilityAssessments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments@2021-06-01' = {
parent: resourceSymbolicName
name: 'string'
properties: {
recurringScans: {
emails: [
'string'
]
emailSubscriptionAdmins: bool
isEnabled: bool
}
storageAccountAccessKey: 'string'
storageContainerPath: 'string'
storageContainerSasKey: 'string'
}
}
Property Values
Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: workspaces/sqlPools |
| properties | Resource properties. | SqlPoolVulnerabilityAssessmentProperties |
SqlPoolVulnerabilityAssessmentProperties
| Name | Description | Value |
|---|---|---|
| recurringScans | The recurring scans settings | VulnerabilityAssessmentRecurringScansProperties |
| storageAccountAccessKey | Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. | string |
| storageContainerPath | A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn't set |
string |
| storageContainerSasKey | A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. | string |
VulnerabilityAssessmentRecurringScansProperties
| Name | Description | Value |
|---|---|---|
| emails | Specifies an array of e-mail addresses to which the scan notification is sent. | string[] |
| emailSubscriptionAdmins | Specifies that the schedule scan notification will be is sent to the subscription administrators. | bool |
| isEnabled | Recurring scans state. | bool |
Usage Examples
Bicep Samples
A basic example of deploying Vulnerability Assessment for a Synapse SQL Pool.
param resourceName string = 'acctest0001'
param location string = 'westeurope'
@description('The SQL administrator login for the Synapse workspace')
param sqlAdministratorLogin string
@secure()
@description('The SQL administrator login password for the Synapse workspace')
param sqlAdministratorLoginPassword string
resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
parent: storageAccount
name: 'default'
}
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
name: resourceName
location: location
kind: 'StorageV2'
properties: {}
sku: {
name: 'Standard_LRS'
}
}
resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
name: resourceName
location: location
properties: {
defaultDataLakeStorage: {
accountUrl: storageAccount.properties.primaryEndpoints.dfs
filesystem: container.name
}
managedVirtualNetwork: ''
publicNetworkAccess: 'Enabled'
sqlAdministratorLogin: sqlAdministratorLogin
sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
}
}
resource sqlPool 'Microsoft.Synapse/workspaces/sqlPools@2021-06-01' = {
parent: workspace
name: resourceName
location: location
properties: {
createMode: 'Default'
}
sku: {
name: 'DW100c'
}
}
resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
parent: blobService
name: resourceName
properties: {
metadata: {
key: 'value'
}
}
}
resource vulnerabilityAssessment 'Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments@2021-06-01' = {
parent: sqlPool
name: 'default'
properties: {
storageAccountAccessKey: storageAccount.listKeys().keys[0].value
storageContainerPath: 'https://${storageAccount.name}.blob.core.windows.net/${container.name}/'
}
}
ARM template resource definition
The workspaces/sqlPools/vulnerabilityAssessments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments resource, add the following JSON to your template.
{
"type": "Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments",
"apiVersion": "2021-06-01",
"name": "string",
"properties": {
"recurringScans": {
"emails": [ "string" ],
"emailSubscriptionAdmins": "bool",
"isEnabled": "bool"
},
"storageAccountAccessKey": "string",
"storageContainerPath": "string",
"storageContainerSasKey": "string"
}
}
Property Values
Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2021-06-01' |
| name | The resource name | 'default' (required) |
| properties | Resource properties. | SqlPoolVulnerabilityAssessmentProperties |
| type | The resource type | 'Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments' |
SqlPoolVulnerabilityAssessmentProperties
| Name | Description | Value |
|---|---|---|
| recurringScans | The recurring scans settings | VulnerabilityAssessmentRecurringScansProperties |
| storageAccountAccessKey | Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. | string |
| storageContainerPath | A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn't set |
string |
| storageContainerSasKey | A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. | string |
VulnerabilityAssessmentRecurringScansProperties
| Name | Description | Value |
|---|---|---|
| emails | Specifies an array of e-mail addresses to which the scan notification is sent. | string[] |
| emailSubscriptionAdmins | Specifies that the schedule scan notification will be is sent to the subscription administrators. | bool |
| isEnabled | Recurring scans state. | bool |
Usage Examples
Terraform (AzAPI provider) resource definition
The workspaces/sqlPools/vulnerabilityAssessments resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments@2021-06-01"
name = "string"
parent_id = "string"
body = {
properties = {
recurringScans = {
emails = [
"string"
]
emailSubscriptionAdmins = bool
isEnabled = bool
}
storageAccountAccessKey = "string"
storageContainerPath = "string"
storageContainerSasKey = "string"
}
}
}
Property Values
Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: workspaces/sqlPools |
| properties | Resource properties. | SqlPoolVulnerabilityAssessmentProperties |
| type | The resource type | "Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments@2021-06-01" |
SqlPoolVulnerabilityAssessmentProperties
| Name | Description | Value |
|---|---|---|
| recurringScans | The recurring scans settings | VulnerabilityAssessmentRecurringScansProperties |
| storageAccountAccessKey | Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. | string |
| storageContainerPath | A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn't set |
string |
| storageContainerSasKey | A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. | string |
VulnerabilityAssessmentRecurringScansProperties
| Name | Description | Value |
|---|---|---|
| emails | Specifies an array of e-mail addresses to which the scan notification is sent. | string[] |
| emailSubscriptionAdmins | Specifies that the schedule scan notification will be is sent to the subscription administrators. | bool |
| isEnabled | Recurring scans state. | bool |
Usage Examples
Terraform Samples
A basic example of deploying Vulnerability Assessment for a Synapse SQL Pool.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
variable "sql_administrator_login" {
type = string
description = "The SQL administrator login for the Synapse workspace"
}
variable "sql_administrator_login_password" {
type = string
description = "The SQL administrator login password for the Synapse workspace"
sensitive = true
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "storageAccount" {
type = "Microsoft.Storage/storageAccounts@2021-09-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
kind = "StorageV2"
properties = {
}
sku = {
name = "Standard_LRS"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
data "azapi_resource_action" "listKeys" {
type = "Microsoft.Storage/storageAccounts@2022-09-01"
resource_id = azapi_resource.storageAccount.id
action = "listKeys"
response_export_values = ["*"]
}
data "azapi_resource" "blobService" {
type = "Microsoft.Storage/storageAccounts/blobServices@2022-09-01"
parent_id = azapi_resource.storageAccount.id
name = "default"
}
resource "azapi_resource" "container" {
type = "Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01"
name = var.resource_name
parent_id = data.azapi_resource.blobService.id
body = {
properties = {
metadata = {
key = "value"
}
}
}
response_export_values = ["*"]
}
resource "azapi_resource" "workspace" {
type = "Microsoft.Synapse/workspaces@2021-06-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
identity {
type = "SystemAssigned"
identity_ids = []
}
body = {
properties = {
defaultDataLakeStorage = {
accountUrl = azapi_resource.storageAccount.output.properties.primaryEndpoints.dfs
filesystem = azapi_resource.container.name
}
managedVirtualNetwork = ""
publicNetworkAccess = "Enabled"
sqlAdministratorLogin = var.sql_administrator_login
sqlAdministratorLoginPassword = var.sql_administrator_login_password
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "sqlPool" {
type = "Microsoft.Synapse/workspaces/sqlPools@2021-06-01"
parent_id = azapi_resource.workspace.id
name = var.resource_name
location = var.location
body = {
properties = {
createMode = "Default"
}
sku = {
name = "DW100c"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_update_resource" "vulnerabilityAssessment" {
type = "Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments@2021-06-01"
parent_id = azapi_resource.sqlPool.id
name = "default"
body = {
properties = {
storageAccountAccessKey = data.azapi_resource_action.listKeys.output.keys[0].value
storageContainerPath = "https://${azapi_resource.storageAccount.name}.blob.core.windows.net/${azapi_resource.container.name}/"
}
}
response_export_values = ["*"]
}