Docs Home
We recommend using Azure Native.
Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi
azure.synapse.Workspace
Explore with Pulumi AI
Manages a Synapse Workspace.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplestorageacc",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
accountKind: "StorageV2",
isHnsEnabled: true,
});
const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", {
name: "example",
storageAccountId: exampleAccount.id,
});
const exampleWorkspace = new azure.synapse.Workspace("example", {
name: "example",
resourceGroupName: example.name,
location: example.location,
storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id,
sqlAdministratorLogin: "sqladminuser",
sqlAdministratorLoginPassword: "H@Sh1CoR3!",
identity: {
type: "SystemAssigned",
},
tags: {
Env: "production",
},
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_account = azure.storage.Account("example",
name="examplestorageacc",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS",
account_kind="StorageV2",
is_hns_enabled=True)
example_data_lake_gen2_filesystem = azure.storage.DataLakeGen2Filesystem("example",
name="example",
storage_account_id=example_account.id)
example_workspace = azure.synapse.Workspace("example",
name="example",
resource_group_name=example.name,
location=example.location,
storage_data_lake_gen2_filesystem_id=example_data_lake_gen2_filesystem.id,
sql_administrator_login="sqladminuser",
sql_administrator_login_password="H@Sh1CoR3!",
identity={
"type": "SystemAssigned",
},
tags={
"Env": "production",
})
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/synapse"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplestorageacc"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
AccountKind: pulumi.String("StorageV2"),
IsHnsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleDataLakeGen2Filesystem, err := storage.NewDataLakeGen2Filesystem(ctx, "example", &storage.DataLakeGen2FilesystemArgs{
Name: pulumi.String("example"),
StorageAccountId: exampleAccount.ID(),
})
if err != nil {
return err
}
_, err = synapse.NewWorkspace(ctx, "example", &synapse.WorkspaceArgs{
Name: pulumi.String("example"),
ResourceGroupName: example.Name,
Location: example.Location,
StorageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.ID(),
SqlAdministratorLogin: pulumi.String("sqladminuser"),
SqlAdministratorLoginPassword: pulumi.String("H@Sh1CoR3!"),
Identity: &synapse.WorkspaceIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
Tags: pulumi.StringMap{
"Env": pulumi.String("production"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplestorageacc",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
AccountKind = "StorageV2",
IsHnsEnabled = true,
});
var exampleDataLakeGen2Filesystem = new Azure.Storage.DataLakeGen2Filesystem("example", new()
{
Name = "example",
StorageAccountId = exampleAccount.Id,
});
var exampleWorkspace = new Azure.Synapse.Workspace("example", new()
{
Name = "example",
ResourceGroupName = example.Name,
Location = example.Location,
StorageDataLakeGen2FilesystemId = exampleDataLakeGen2Filesystem.Id,
SqlAdministratorLogin = "sqladminuser",
SqlAdministratorLoginPassword = "H@Sh1CoR3!",
Identity = new Azure.Synapse.Inputs.WorkspaceIdentityArgs
{
Type = "SystemAssigned",
},
Tags =
{
{ "Env", "production" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplestorageacc")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.accountKind("StorageV2")
.isHnsEnabled("true")
.build());
var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
.name("example")
.storageAccountId(exampleAccount.id())
.build());
var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
.name("example")
.resourceGroupName(example.name())
.location(example.location())
.storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
.sqlAdministratorLogin("sqladminuser")
.sqlAdministratorLoginPassword("H@Sh1CoR3!")
.identity(WorkspaceIdentityArgs.builder()
.type("SystemAssigned")
.build())
.tags(Map.of("Env", "production"))
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplestorageacc
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
accountKind: StorageV2
isHnsEnabled: 'true'
exampleDataLakeGen2Filesystem:
type: azure:storage:DataLakeGen2Filesystem
name: example
properties:
name: example
storageAccountId: ${exampleAccount.id}
exampleWorkspace:
type: azure:synapse:Workspace
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
storageDataLakeGen2FilesystemId: ${exampleDataLakeGen2Filesystem.id}
sqlAdministratorLogin: sqladminuser
sqlAdministratorLoginPassword: H@Sh1CoR3!
identity:
type: SystemAssigned
tags:
Env: production
Creating A Workspace With Customer Managed Key And Azure AD Admin
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplestorageacc",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
accountKind: "StorageV2",
isHnsEnabled: true,
});
const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", {
name: "example",
storageAccountId: exampleAccount.id,
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "example",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
purgeProtectionEnabled: true,
});
const deployer = new azure.keyvault.AccessPolicy("deployer", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
keyPermissions: [
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy",
],
});
const exampleKey = new azure.keyvault.Key("example", {
name: "workspaceencryptionkey",
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"unwrapKey",
"wrapKey",
],
}, {
dependsOn: [deployer],
});
const exampleWorkspace = new azure.synapse.Workspace("example", {
name: "example",
resourceGroupName: example.name,
location: example.location,
storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id,
sqlAdministratorLogin: "sqladminuser",
sqlAdministratorLoginPassword: "H@Sh1CoR3!",
customerManagedKey: {
keyVersionlessId: exampleKey.versionlessId,
keyName: "enckey",
},
identity: {
type: "SystemAssigned",
},
tags: {
Env: "production",
},
});
const workspacePolicy = new azure.keyvault.AccessPolicy("workspace_policy", {
keyVaultId: exampleKeyVault.id,
tenantId: exampleWorkspace.identity.apply(identity => identity?.tenantId),
objectId: exampleWorkspace.identity.apply(identity => identity?.principalId),
keyPermissions: [
"Get",
"WrapKey",
"UnwrapKey",
],
});
const exampleWorkspaceKey = new azure.synapse.WorkspaceKey("example", {
customerManagedKeyVersionlessId: exampleKey.versionlessId,
synapseWorkspaceId: exampleWorkspace.id,
active: true,
customerManagedKeyName: "enckey",
}, {
dependsOn: [workspacePolicy],
});
const exampleWorkspaceAadAdmin = new azure.synapse.WorkspaceAadAdmin("example", {
synapseWorkspaceId: exampleWorkspace.id,
login: "AzureAD Admin",
objectId: "00000000-0000-0000-0000-000000000000",
tenantId: "00000000-0000-0000-0000-000000000000",
}, {
dependsOn: [exampleWorkspaceKey],
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_account = azure.storage.Account("example",
name="examplestorageacc",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS",
account_kind="StorageV2",
is_hns_enabled=True)
example_data_lake_gen2_filesystem = azure.storage.DataLakeGen2Filesystem("example",
name="example",
storage_account_id=example_account.id)
example_key_vault = azure.keyvault.KeyVault("example",
name="example",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="standard",
purge_protection_enabled=True)
deployer = azure.keyvault.AccessPolicy("deployer",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=current.object_id,
key_permissions=[
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy",
])
example_key = azure.keyvault.Key("example",
name="workspaceencryptionkey",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"unwrapKey",
"wrapKey",
],
opts = pulumi.ResourceOptions(depends_on=[deployer]))
example_workspace = azure.synapse.Workspace("example",
name="example",
resource_group_name=example.name,
location=example.location,
storage_data_lake_gen2_filesystem_id=example_data_lake_gen2_filesystem.id,
sql_administrator_login="sqladminuser",
sql_administrator_login_password="H@Sh1CoR3!",
customer_managed_key={
"key_versionless_id": example_key.versionless_id,
"key_name": "enckey",
},
identity={
"type": "SystemAssigned",
},
tags={
"Env": "production",
})
workspace_policy = azure.keyvault.AccessPolicy("workspace_policy",
key_vault_id=example_key_vault.id,
tenant_id=example_workspace.identity.tenant_id,
object_id=example_workspace.identity.principal_id,
key_permissions=[
"Get",
"WrapKey",
"UnwrapKey",
])
example_workspace_key = azure.synapse.WorkspaceKey("example",
customer_managed_key_versionless_id=example_key.versionless_id,
synapse_workspace_id=example_workspace.id,
active=True,
customer_managed_key_name="enckey",
opts = pulumi.ResourceOptions(depends_on=[workspace_policy]))
example_workspace_aad_admin = azure.synapse.WorkspaceAadAdmin("example",
synapse_workspace_id=example_workspace.id,
login="AzureAD Admin",
object_id="00000000-0000-0000-0000-000000000000",
tenant_id="00000000-0000-0000-0000-000000000000",
opts = pulumi.ResourceOptions(depends_on=[example_workspace_key]))
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/synapse"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplestorageacc"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
AccountKind: pulumi.String("StorageV2"),
IsHnsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleDataLakeGen2Filesystem, err := storage.NewDataLakeGen2Filesystem(ctx, "example", &storage.DataLakeGen2FilesystemArgs{
Name: pulumi.String("example"),
StorageAccountId: exampleAccount.ID(),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("example"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
PurgeProtectionEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
deployer, err := keyvault.NewAccessPolicy(ctx, "deployer", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Get"),
pulumi.String("Delete"),
pulumi.String("Purge"),
pulumi.String("GetRotationPolicy"),
},
})
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
Name: pulumi.String("workspaceencryptionkey"),
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("unwrapKey"),
pulumi.String("wrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
deployer,
}))
if err != nil {
return err
}
exampleWorkspace, err := synapse.NewWorkspace(ctx, "example", &synapse.WorkspaceArgs{
Name: pulumi.String("example"),
ResourceGroupName: example.Name,
Location: example.Location,
StorageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.ID(),
SqlAdministratorLogin: pulumi.String("sqladminuser"),
SqlAdministratorLoginPassword: pulumi.String("H@Sh1CoR3!"),
CustomerManagedKey: &synapse.WorkspaceCustomerManagedKeyArgs{
KeyVersionlessId: exampleKey.VersionlessId,
KeyName: pulumi.String("enckey"),
},
Identity: &synapse.WorkspaceIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
Tags: pulumi.StringMap{
"Env": pulumi.String("production"),
},
})
if err != nil {
return err
}
workspacePolicy, err := keyvault.NewAccessPolicy(ctx, "workspace_policy", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(exampleWorkspace.Identity.ApplyT(func(identity synapse.WorkspaceIdentity) (*string, error) {
return &identity.TenantId, nil
}).(pulumi.StringPtrOutput)),
ObjectId: pulumi.String(exampleWorkspace.Identity.ApplyT(func(identity synapse.WorkspaceIdentity) (*string, error) {
return &identity.PrincipalId, nil
}).(pulumi.StringPtrOutput)),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("WrapKey"),
pulumi.String("UnwrapKey"),
},
})
if err != nil {
return err
}
exampleWorkspaceKey, err := synapse.NewWorkspaceKey(ctx, "example", &synapse.WorkspaceKeyArgs{
CustomerManagedKeyVersionlessId: exampleKey.VersionlessId,
SynapseWorkspaceId: exampleWorkspace.ID(),
Active: pulumi.Bool(true),
CustomerManagedKeyName: pulumi.String("enckey"),
}, pulumi.DependsOn([]pulumi.Resource{
workspacePolicy,
}))
if err != nil {
return err
}
_, err = synapse.NewWorkspaceAadAdmin(ctx, "example", &synapse.WorkspaceAadAdminArgs{
SynapseWorkspaceId: exampleWorkspace.ID(),
Login: pulumi.String("AzureAD Admin"),
ObjectId: pulumi.String("00000000-0000-0000-0000-000000000000"),
TenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
}, pulumi.DependsOn([]pulumi.Resource{
exampleWorkspaceKey,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplestorageacc",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
AccountKind = "StorageV2",
IsHnsEnabled = true,
});
var exampleDataLakeGen2Filesystem = new Azure.Storage.DataLakeGen2Filesystem("example", new()
{
Name = "example",
StorageAccountId = exampleAccount.Id,
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "example",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
PurgeProtectionEnabled = true,
});
var deployer = new Azure.KeyVault.AccessPolicy("deployer", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
KeyPermissions = new[]
{
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy",
},
});
var exampleKey = new Azure.KeyVault.Key("example", new()
{
Name = "workspaceencryptionkey",
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"unwrapKey",
"wrapKey",
},
}, new CustomResourceOptions
{
DependsOn =
{
deployer,
},
});
var exampleWorkspace = new Azure.Synapse.Workspace("example", new()
{
Name = "example",
ResourceGroupName = example.Name,
Location = example.Location,
StorageDataLakeGen2FilesystemId = exampleDataLakeGen2Filesystem.Id,
SqlAdministratorLogin = "sqladminuser",
SqlAdministratorLoginPassword = "H@Sh1CoR3!",
CustomerManagedKey = new Azure.Synapse.Inputs.WorkspaceCustomerManagedKeyArgs
{
KeyVersionlessId = exampleKey.VersionlessId,
KeyName = "enckey",
},
Identity = new Azure.Synapse.Inputs.WorkspaceIdentityArgs
{
Type = "SystemAssigned",
},
Tags =
{
{ "Env", "production" },
},
});
var workspacePolicy = new Azure.KeyVault.AccessPolicy("workspace_policy", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = exampleWorkspace.Identity.Apply(identity => identity?.TenantId),
ObjectId = exampleWorkspace.Identity.Apply(identity => identity?.PrincipalId),
KeyPermissions = new[]
{
"Get",
"WrapKey",
"UnwrapKey",
},
});
var exampleWorkspaceKey = new Azure.Synapse.WorkspaceKey("example", new()
{
CustomerManagedKeyVersionlessId = exampleKey.VersionlessId,
SynapseWorkspaceId = exampleWorkspace.Id,
Active = true,
CustomerManagedKeyName = "enckey",
}, new CustomResourceOptions
{
DependsOn =
{
workspacePolicy,
},
});
var exampleWorkspaceAadAdmin = new Azure.Synapse.WorkspaceAadAdmin("example", new()
{
SynapseWorkspaceId = exampleWorkspace.Id,
Login = "AzureAD Admin",
ObjectId = "00000000-0000-0000-0000-000000000000",
TenantId = "00000000-0000-0000-0000-000000000000",
}, new CustomResourceOptions
{
DependsOn =
{
exampleWorkspaceKey,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.DataLakeGen2Filesystem;
import com.pulumi.azure.storage.DataLakeGen2FilesystemArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.synapse.Workspace;
import com.pulumi.azure.synapse.WorkspaceArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceCustomerManagedKeyArgs;
import com.pulumi.azure.synapse.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.synapse.WorkspaceKey;
import com.pulumi.azure.synapse.WorkspaceKeyArgs;
import com.pulumi.azure.synapse.WorkspaceAadAdmin;
import com.pulumi.azure.synapse.WorkspaceAadAdminArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplestorageacc")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.accountKind("StorageV2")
.isHnsEnabled("true")
.build());
var exampleDataLakeGen2Filesystem = new DataLakeGen2Filesystem("exampleDataLakeGen2Filesystem", DataLakeGen2FilesystemArgs.builder()
.name("example")
.storageAccountId(exampleAccount.id())
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("example")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.purgeProtectionEnabled(true)
.build());
var deployer = new AccessPolicy("deployer", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy")
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.name("workspaceencryptionkey")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"unwrapKey",
"wrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(deployer)
.build());
var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
.name("example")
.resourceGroupName(example.name())
.location(example.location())
.storageDataLakeGen2FilesystemId(exampleDataLakeGen2Filesystem.id())
.sqlAdministratorLogin("sqladminuser")
.sqlAdministratorLoginPassword("H@Sh1CoR3!")
.customerManagedKey(WorkspaceCustomerManagedKeyArgs.builder()
.keyVersionlessId(exampleKey.versionlessId())
.keyName("enckey")
.build())
.identity(WorkspaceIdentityArgs.builder()
.type("SystemAssigned")
.build())
.tags(Map.of("Env", "production"))
.build());
var workspacePolicy = new AccessPolicy("workspacePolicy", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(exampleWorkspace.identity().applyValue(identity -> identity.tenantId()))
.objectId(exampleWorkspace.identity().applyValue(identity -> identity.principalId()))
.keyPermissions(
"Get",
"WrapKey",
"UnwrapKey")
.build());
var exampleWorkspaceKey = new WorkspaceKey("exampleWorkspaceKey", WorkspaceKeyArgs.builder()
.customerManagedKeyVersionlessId(exampleKey.versionlessId())
.synapseWorkspaceId(exampleWorkspace.id())
.active(true)
.customerManagedKeyName("enckey")
.build(), CustomResourceOptions.builder()
.dependsOn(workspacePolicy)
.build());
var exampleWorkspaceAadAdmin = new WorkspaceAadAdmin("exampleWorkspaceAadAdmin", WorkspaceAadAdminArgs.builder()
.synapseWorkspaceId(exampleWorkspace.id())
.login("AzureAD Admin")
.objectId("00000000-0000-0000-0000-000000000000")
.tenantId("00000000-0000-0000-0000-000000000000")
.build(), CustomResourceOptions.builder()
.dependsOn(exampleWorkspaceKey)
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplestorageacc
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
accountKind: StorageV2
isHnsEnabled: 'true'
exampleDataLakeGen2Filesystem:
type: azure:storage:DataLakeGen2Filesystem
name: example
properties:
name: example
storageAccountId: ${exampleAccount.id}
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: example
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: standard
purgeProtectionEnabled: true
deployer:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Create
- Get
- Delete
- Purge
- GetRotationPolicy
exampleKey:
type: azure:keyvault:Key
name: example
properties:
name: workspaceencryptionkey
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- unwrapKey
- wrapKey
options:
dependsOn:
- ${deployer}
exampleWorkspace:
type: azure:synapse:Workspace
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
storageDataLakeGen2FilesystemId: ${exampleDataLakeGen2Filesystem.id}
sqlAdministratorLogin: sqladminuser
sqlAdministratorLoginPassword: H@Sh1CoR3!
customerManagedKey:
keyVersionlessId: ${exampleKey.versionlessId}
keyName: enckey
identity:
type: SystemAssigned
tags:
Env: production
workspacePolicy:
type: azure:keyvault:AccessPolicy
name: workspace_policy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${exampleWorkspace.identity.tenantId}
objectId: ${exampleWorkspace.identity.principalId}
keyPermissions:
- Get
- WrapKey
- UnwrapKey
exampleWorkspaceKey:
type: azure:synapse:WorkspaceKey
name: example
properties:
customerManagedKeyVersionlessId: ${exampleKey.versionlessId}
synapseWorkspaceId: ${exampleWorkspace.id}
active: true
customerManagedKeyName: enckey
options:
dependsOn:
- ${workspacePolicy}
exampleWorkspaceAadAdmin:
type: azure:synapse:WorkspaceAadAdmin
name: example
properties:
synapseWorkspaceId: ${exampleWorkspace.id}
login: AzureAD Admin
objectId: 00000000-0000-0000-0000-000000000000
tenantId: 00000000-0000-0000-0000-000000000000
options:
dependsOn:
- ${exampleWorkspaceKey}
variables:
current:
fn::invoke:
function: azure:core:getClientConfig
arguments: {}
Create Workspace Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Workspace(name: string, args: WorkspaceArgs, opts?: CustomResourceOptions);@overload
def Workspace(resource_name: str,
args: WorkspaceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Workspace(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
storage_data_lake_gen2_filesystem_id: Optional[str] = None,
managed_virtual_network_enabled: Optional[bool] = None,
name: Optional[str] = None,
data_exfiltration_protection_enabled: Optional[bool] = None,
github_repo: Optional[WorkspaceGithubRepoArgs] = None,
identity: Optional[WorkspaceIdentityArgs] = None,
linking_allowed_for_aad_tenant_ids: Optional[Sequence[str]] = None,
location: Optional[str] = None,
managed_resource_group_name: Optional[str] = None,
azure_devops_repo: Optional[WorkspaceAzureDevopsRepoArgs] = None,
customer_managed_key: Optional[WorkspaceCustomerManagedKeyArgs] = None,
public_network_access_enabled: Optional[bool] = None,
purview_id: Optional[str] = None,
compute_subnet_id: Optional[str] = None,
sql_administrator_login: Optional[str] = None,
sql_administrator_login_password: Optional[str] = None,
sql_identity_control_enabled: Optional[bool] = None,
azuread_authentication_only: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None)func NewWorkspace(ctx *Context, name string, args WorkspaceArgs, opts ...ResourceOption) (*Workspace, error)public Workspace(string name, WorkspaceArgs args, CustomResourceOptions? opts = null)
public Workspace(String name, WorkspaceArgs args)
public Workspace(String name, WorkspaceArgs args, CustomResourceOptions options)
type: azure:synapse:Workspace
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleworkspaceResourceResourceFromSynapseworkspace = new Azure.Synapse.Workspace("exampleworkspaceResourceResourceFromSynapseworkspace", new()
{
ResourceGroupName = "string",
StorageDataLakeGen2FilesystemId = "string",
ManagedVirtualNetworkEnabled = false,
Name = "string",
DataExfiltrationProtectionEnabled = false,
GithubRepo = new Azure.Synapse.Inputs.WorkspaceGithubRepoArgs
{
AccountName = "string",
BranchName = "string",
RepositoryName = "string",
RootFolder = "string",
GitUrl = "string",
LastCommitId = "string",
},
Identity = new Azure.Synapse.Inputs.WorkspaceIdentityArgs
{
Type = "string",
IdentityIds = new[]
{
"string",
},
PrincipalId = "string",
TenantId = "string",
},
LinkingAllowedForAadTenantIds = new[]
{
"string",
},
Location = "string",
ManagedResourceGroupName = "string",
AzureDevopsRepo = new Azure.Synapse.Inputs.WorkspaceAzureDevopsRepoArgs
{
AccountName = "string",
BranchName = "string",
ProjectName = "string",
RepositoryName = "string",
RootFolder = "string",
LastCommitId = "string",
TenantId = "string",
},
CustomerManagedKey = new Azure.Synapse.Inputs.WorkspaceCustomerManagedKeyArgs
{
KeyVersionlessId = "string",
KeyName = "string",
UserAssignedIdentityId = "string",
},
PublicNetworkAccessEnabled = false,
PurviewId = "string",
ComputeSubnetId = "string",
SqlAdministratorLogin = "string",
SqlAdministratorLoginPassword = "string",
SqlIdentityControlEnabled = false,
AzureadAuthenticationOnly = false,
Tags =
{
{ "string", "string" },
},
});
example, err := synapse.NewWorkspace(ctx, "exampleworkspaceResourceResourceFromSynapseworkspace", &synapse.WorkspaceArgs{
ResourceGroupName: pulumi.String("string"),
StorageDataLakeGen2FilesystemId: pulumi.String("string"),
ManagedVirtualNetworkEnabled: pulumi.Bool(false),
Name: pulumi.String("string"),
DataExfiltrationProtectionEnabled: pulumi.Bool(false),
GithubRepo: &synapse.WorkspaceGithubRepoArgs{
AccountName: pulumi.String("string"),
BranchName: pulumi.String("string"),
RepositoryName: pulumi.String("string"),
RootFolder: pulumi.String("string"),
GitUrl: pulumi.String("string"),
LastCommitId: pulumi.String("string"),
},
Identity: &synapse.WorkspaceIdentityArgs{
Type: pulumi.String("string"),
IdentityIds: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalId: pulumi.String("string"),
TenantId: pulumi.String("string"),
},
LinkingAllowedForAadTenantIds: pulumi.StringArray{
pulumi.String("string"),
},
Location: pulumi.String("string"),
ManagedResourceGroupName: pulumi.String("string"),
AzureDevopsRepo: &synapse.WorkspaceAzureDevopsRepoArgs{
AccountName: pulumi.String("string"),
BranchName: pulumi.String("string"),
ProjectName: pulumi.String("string"),
RepositoryName: pulumi.String("string"),
RootFolder: pulumi.String("string"),
LastCommitId: pulumi.String("string"),
TenantId: pulumi.String("string"),
},
CustomerManagedKey: &synapse.WorkspaceCustomerManagedKeyArgs{
KeyVersionlessId: pulumi.String("string"),
KeyName: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
PublicNetworkAccessEnabled: pulumi.Bool(false),
PurviewId: pulumi.String("string"),
ComputeSubnetId: pulumi.String("string"),
SqlAdministratorLogin: pulumi.String("string"),
SqlAdministratorLoginPassword: pulumi.String("string"),
SqlIdentityControlEnabled: pulumi.Bool(false),
AzureadAuthenticationOnly: pulumi.Bool(false),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var exampleworkspaceResourceResourceFromSynapseworkspace = new Workspace("exampleworkspaceResourceResourceFromSynapseworkspace", WorkspaceArgs.builder()
.resourceGroupName("string")
.storageDataLakeGen2FilesystemId("string")
.managedVirtualNetworkEnabled(false)
.name("string")
.dataExfiltrationProtectionEnabled(false)
.githubRepo(WorkspaceGithubRepoArgs.builder()
.accountName("string")
.branchName("string")
.repositoryName("string")
.rootFolder("string")
.gitUrl("string")
.lastCommitId("string")
.build())
.identity(WorkspaceIdentityArgs.builder()
.type("string")
.identityIds("string")
.principalId("string")
.tenantId("string")
.build())
.linkingAllowedForAadTenantIds("string")
.location("string")
.managedResourceGroupName("string")
.azureDevopsRepo(WorkspaceAzureDevopsRepoArgs.builder()
.accountName("string")
.branchName("string")
.projectName("string")
.repositoryName("string")
.rootFolder("string")
.lastCommitId("string")
.tenantId("string")
.build())
.customerManagedKey(WorkspaceCustomerManagedKeyArgs.builder()
.keyVersionlessId("string")
.keyName("string")
.userAssignedIdentityId("string")
.build())
.publicNetworkAccessEnabled(false)
.purviewId("string")
.computeSubnetId("string")
.sqlAdministratorLogin("string")
.sqlAdministratorLoginPassword("string")
.sqlIdentityControlEnabled(false)
.azureadAuthenticationOnly(false)
.tags(Map.of("string", "string"))
.build());
exampleworkspace_resource_resource_from_synapseworkspace = azure.synapse.Workspace("exampleworkspaceResourceResourceFromSynapseworkspace",
resource_group_name="string",
storage_data_lake_gen2_filesystem_id="string",
managed_virtual_network_enabled=False,
name="string",
data_exfiltration_protection_enabled=False,
github_repo={
"account_name": "string",
"branch_name": "string",
"repository_name": "string",
"root_folder": "string",
"git_url": "string",
"last_commit_id": "string",
},
identity={
"type": "string",
"identity_ids": ["string"],
"principal_id": "string",
"tenant_id": "string",
},
linking_allowed_for_aad_tenant_ids=["string"],
location="string",
managed_resource_group_name="string",
azure_devops_repo={
"account_name": "string",
"branch_name": "string",
"project_name": "string",
"repository_name": "string",
"root_folder": "string",
"last_commit_id": "string",
"tenant_id": "string",
},
customer_managed_key={
"key_versionless_id": "string",
"key_name": "string",
"user_assigned_identity_id": "string",
},
public_network_access_enabled=False,
purview_id="string",
compute_subnet_id="string",
sql_administrator_login="string",
sql_administrator_login_password="string",
sql_identity_control_enabled=False,
azuread_authentication_only=False,
tags={
"string": "string",
})
const exampleworkspaceResourceResourceFromSynapseworkspace = new azure.synapse.Workspace("exampleworkspaceResourceResourceFromSynapseworkspace", {
resourceGroupName: "string",
storageDataLakeGen2FilesystemId: "string",
managedVirtualNetworkEnabled: false,
name: "string",
dataExfiltrationProtectionEnabled: false,
githubRepo: {
accountName: "string",
branchName: "string",
repositoryName: "string",
rootFolder: "string",
gitUrl: "string",
lastCommitId: "string",
},
identity: {
type: "string",
identityIds: ["string"],
principalId: "string",
tenantId: "string",
},
linkingAllowedForAadTenantIds: ["string"],
location: "string",
managedResourceGroupName: "string",
azureDevopsRepo: {
accountName: "string",
branchName: "string",
projectName: "string",
repositoryName: "string",
rootFolder: "string",
lastCommitId: "string",
tenantId: "string",
},
customerManagedKey: {
keyVersionlessId: "string",
keyName: "string",
userAssignedIdentityId: "string",
},
publicNetworkAccessEnabled: false,
purviewId: "string",
computeSubnetId: "string",
sqlAdministratorLogin: "string",
sqlAdministratorLoginPassword: "string",
sqlIdentityControlEnabled: false,
azureadAuthenticationOnly: false,
tags: {
string: "string",
},
});
type: azure:synapse:Workspace
properties:
azureDevopsRepo:
accountName: string
branchName: string
lastCommitId: string
projectName: string
repositoryName: string
rootFolder: string
tenantId: string
azureadAuthenticationOnly: false
computeSubnetId: string
customerManagedKey:
keyName: string
keyVersionlessId: string
userAssignedIdentityId: string
dataExfiltrationProtectionEnabled: false
githubRepo:
accountName: string
branchName: string
gitUrl: string
lastCommitId: string
repositoryName: string
rootFolder: string
identity:
identityIds:
- string
principalId: string
tenantId: string
type: string
linkingAllowedForAadTenantIds:
- string
location: string
managedResourceGroupName: string
managedVirtualNetworkEnabled: false
name: string
publicNetworkAccessEnabled: false
purviewId: string
resourceGroupName: string
sqlAdministratorLogin: string
sqlAdministratorLoginPassword: string
sqlIdentityControlEnabled: false
storageDataLakeGen2FilesystemId: string
tags:
string: string
Workspace Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Workspace resource accepts the following input properties:
- Resource
Group stringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Storage
Data stringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- Azure
Devops WorkspaceRepo Azure Devops Repo - An
azure_devops_repoblock as defined below. - Azuread
Authentication boolOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - Compute
Subnet stringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- Customer
Managed WorkspaceKey Customer Managed Key - A
customer_managed_keyblock as defined below. - Data
Exfiltration boolProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - Github
Repo WorkspaceGithub Repo - A
github_repoblock as defined below. - Identity
Workspace
Identity - An
identityblock as defined below. - Linking
Allowed List<string>For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- Location string
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Managed
Resource stringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- Managed
Virtual boolNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- Name string
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- Public
Network boolAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - Purview
Id string - The ID of purview account.
- Sql
Administrator stringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - Sql
Administrator stringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - Sql
Identity boolControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- Dictionary<string, string>
- A mapping of tags which should be assigned to the Synapse Workspace.
- Resource
Group stringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Storage
Data stringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- Azure
Devops WorkspaceRepo Azure Devops Repo Args - An
azure_devops_repoblock as defined below. - Azuread
Authentication boolOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - Compute
Subnet stringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- Customer
Managed WorkspaceKey Customer Managed Key Args - A
customer_managed_keyblock as defined below. - Data
Exfiltration boolProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - Github
Repo WorkspaceGithub Repo Args - A
github_repoblock as defined below. - Identity
Workspace
Identity Args - An
identityblock as defined below. - Linking
Allowed []stringFor Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- Location string
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Managed
Resource stringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- Managed
Virtual boolNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- Name string
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- Public
Network boolAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - Purview
Id string - The ID of purview account.
- Sql
Administrator stringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - Sql
Administrator stringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - Sql
Identity boolControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- map[string]string
- A mapping of tags which should be assigned to the Synapse Workspace.
- resource
Group StringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- storage
Data StringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- azure
Devops WorkspaceRepo Azure Devops Repo - An
azure_devops_repoblock as defined below. - azuread
Authentication BooleanOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute
Subnet StringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- customer
Managed WorkspaceKey Customer Managed Key - A
customer_managed_keyblock as defined below. - data
Exfiltration BooleanProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github
Repo WorkspaceGithub Repo - A
github_repoblock as defined below. - identity
Workspace
Identity - An
identityblock as defined below. - linking
Allowed List<String>For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- location String
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed
Resource StringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed
Virtual BooleanNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name String
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public
Network BooleanAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview
Id String - The ID of purview account.
- sql
Administrator StringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql
Administrator StringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql
Identity BooleanControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- Map<String,String>
- A mapping of tags which should be assigned to the Synapse Workspace.
- resource
Group stringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- storage
Data stringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- azure
Devops WorkspaceRepo Azure Devops Repo - An
azure_devops_repoblock as defined below. - azuread
Authentication booleanOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute
Subnet stringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- customer
Managed WorkspaceKey Customer Managed Key - A
customer_managed_keyblock as defined below. - data
Exfiltration booleanProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github
Repo WorkspaceGithub Repo - A
github_repoblock as defined below. - identity
Workspace
Identity - An
identityblock as defined below. - linking
Allowed string[]For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- location string
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed
Resource stringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed
Virtual booleanNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name string
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public
Network booleanAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview
Id string - The ID of purview account.
- sql
Administrator stringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql
Administrator stringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql
Identity booleanControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- {[key: string]: string}
- A mapping of tags which should be assigned to the Synapse Workspace.
- resource_
group_ strname - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- storage_
data_ strlake_ gen2_ filesystem_ id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- azure_
devops_ Workspacerepo Azure Devops Repo Args - An
azure_devops_repoblock as defined below. - azuread_
authentication_ boolonly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute_
subnet_ strid - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- customer_
managed_ Workspacekey Customer Managed Key Args - A
customer_managed_keyblock as defined below. - data_
exfiltration_ boolprotection_ enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github_
repo WorkspaceGithub Repo Args - A
github_repoblock as defined below. - identity
Workspace
Identity Args - An
identityblock as defined below. - linking_
allowed_ Sequence[str]for_ aad_ tenant_ ids - Allowed AAD Tenant Ids For Linking.
- location str
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed_
resource_ strgroup_ name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed_
virtual_ boolnetwork_ enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name str
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public_
network_ boolaccess_ enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview_
id str - The ID of purview account.
- sql_
administrator_ strlogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql_
administrator_ strlogin_ password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql_
identity_ boolcontrol_ enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- Mapping[str, str]
- A mapping of tags which should be assigned to the Synapse Workspace.
- resource
Group StringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- storage
Data StringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- azure
Devops Property MapRepo - An
azure_devops_repoblock as defined below. - azuread
Authentication BooleanOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute
Subnet StringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- customer
Managed Property MapKey - A
customer_managed_keyblock as defined below. - data
Exfiltration BooleanProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github
Repo Property Map - A
github_repoblock as defined below. - identity Property Map
- An
identityblock as defined below. - linking
Allowed List<String>For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- location String
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed
Resource StringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed
Virtual BooleanNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name String
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public
Network BooleanAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview
Id String - The ID of purview account.
- sql
Administrator StringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql
Administrator StringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql
Identity BooleanControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- Map<String>
- A mapping of tags which should be assigned to the Synapse Workspace.
Outputs
All input properties are implicitly available as output properties. Additionally, the Workspace resource produces the following output properties:
- Connectivity
Endpoints Dictionary<string, string> - A list of Connectivity endpoints for this Synapse Workspace.
- Id string
- The provider-assigned unique ID for this managed resource.
- Connectivity
Endpoints map[string]string - A list of Connectivity endpoints for this Synapse Workspace.
- Id string
- The provider-assigned unique ID for this managed resource.
- connectivity
Endpoints Map<String,String> - A list of Connectivity endpoints for this Synapse Workspace.
- id String
- The provider-assigned unique ID for this managed resource.
- connectivity
Endpoints {[key: string]: string} - A list of Connectivity endpoints for this Synapse Workspace.
- id string
- The provider-assigned unique ID for this managed resource.
- connectivity_
endpoints Mapping[str, str] - A list of Connectivity endpoints for this Synapse Workspace.
- id str
- The provider-assigned unique ID for this managed resource.
- connectivity
Endpoints Map<String> - A list of Connectivity endpoints for this Synapse Workspace.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Workspace Resource
Get an existing Workspace resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkspaceState, opts?: CustomResourceOptions): Workspace@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
azure_devops_repo: Optional[WorkspaceAzureDevopsRepoArgs] = None,
azuread_authentication_only: Optional[bool] = None,
compute_subnet_id: Optional[str] = None,
connectivity_endpoints: Optional[Mapping[str, str]] = None,
customer_managed_key: Optional[WorkspaceCustomerManagedKeyArgs] = None,
data_exfiltration_protection_enabled: Optional[bool] = None,
github_repo: Optional[WorkspaceGithubRepoArgs] = None,
identity: Optional[WorkspaceIdentityArgs] = None,
linking_allowed_for_aad_tenant_ids: Optional[Sequence[str]] = None,
location: Optional[str] = None,
managed_resource_group_name: Optional[str] = None,
managed_virtual_network_enabled: Optional[bool] = None,
name: Optional[str] = None,
public_network_access_enabled: Optional[bool] = None,
purview_id: Optional[str] = None,
resource_group_name: Optional[str] = None,
sql_administrator_login: Optional[str] = None,
sql_administrator_login_password: Optional[str] = None,
sql_identity_control_enabled: Optional[bool] = None,
storage_data_lake_gen2_filesystem_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> Workspacefunc GetWorkspace(ctx *Context, name string, id IDInput, state *WorkspaceState, opts ...ResourceOption) (*Workspace, error)public static Workspace Get(string name, Input<string> id, WorkspaceState? state, CustomResourceOptions? opts = null)public static Workspace get(String name, Output<String> id, WorkspaceState state, CustomResourceOptions options)resources: _: type: azure:synapse:Workspace get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Azure
Devops WorkspaceRepo Azure Devops Repo - An
azure_devops_repoblock as defined below. - Azuread
Authentication boolOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - Compute
Subnet stringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- Connectivity
Endpoints Dictionary<string, string> - A list of Connectivity endpoints for this Synapse Workspace.
- Customer
Managed WorkspaceKey Customer Managed Key - A
customer_managed_keyblock as defined below. - Data
Exfiltration boolProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - Github
Repo WorkspaceGithub Repo - A
github_repoblock as defined below. - Identity
Workspace
Identity - An
identityblock as defined below. - Linking
Allowed List<string>For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- Location string
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Managed
Resource stringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- Managed
Virtual boolNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- Name string
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- Public
Network boolAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - Purview
Id string - The ID of purview account.
- Resource
Group stringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Sql
Administrator stringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - Sql
Administrator stringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - Sql
Identity boolControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- Storage
Data stringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- Dictionary<string, string>
- A mapping of tags which should be assigned to the Synapse Workspace.
- Azure
Devops WorkspaceRepo Azure Devops Repo Args - An
azure_devops_repoblock as defined below. - Azuread
Authentication boolOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - Compute
Subnet stringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- Connectivity
Endpoints map[string]string - A list of Connectivity endpoints for this Synapse Workspace.
- Customer
Managed WorkspaceKey Customer Managed Key Args - A
customer_managed_keyblock as defined below. - Data
Exfiltration boolProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - Github
Repo WorkspaceGithub Repo Args - A
github_repoblock as defined below. - Identity
Workspace
Identity Args - An
identityblock as defined below. - Linking
Allowed []stringFor Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- Location string
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Managed
Resource stringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- Managed
Virtual boolNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- Name string
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- Public
Network boolAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - Purview
Id string - The ID of purview account.
- Resource
Group stringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- Sql
Administrator stringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - Sql
Administrator stringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - Sql
Identity boolControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- Storage
Data stringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- map[string]string
- A mapping of tags which should be assigned to the Synapse Workspace.
- azure
Devops WorkspaceRepo Azure Devops Repo - An
azure_devops_repoblock as defined below. - azuread
Authentication BooleanOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute
Subnet StringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- connectivity
Endpoints Map<String,String> - A list of Connectivity endpoints for this Synapse Workspace.
- customer
Managed WorkspaceKey Customer Managed Key - A
customer_managed_keyblock as defined below. - data
Exfiltration BooleanProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github
Repo WorkspaceGithub Repo - A
github_repoblock as defined below. - identity
Workspace
Identity - An
identityblock as defined below. - linking
Allowed List<String>For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- location String
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed
Resource StringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed
Virtual BooleanNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name String
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public
Network BooleanAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview
Id String - The ID of purview account.
- resource
Group StringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- sql
Administrator StringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql
Administrator StringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql
Identity BooleanControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- storage
Data StringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- Map<String,String>
- A mapping of tags which should be assigned to the Synapse Workspace.
- azure
Devops WorkspaceRepo Azure Devops Repo - An
azure_devops_repoblock as defined below. - azuread
Authentication booleanOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute
Subnet stringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- connectivity
Endpoints {[key: string]: string} - A list of Connectivity endpoints for this Synapse Workspace.
- customer
Managed WorkspaceKey Customer Managed Key - A
customer_managed_keyblock as defined below. - data
Exfiltration booleanProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github
Repo WorkspaceGithub Repo - A
github_repoblock as defined below. - identity
Workspace
Identity - An
identityblock as defined below. - linking
Allowed string[]For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- location string
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed
Resource stringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed
Virtual booleanNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name string
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public
Network booleanAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview
Id string - The ID of purview account.
- resource
Group stringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- sql
Administrator stringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql
Administrator stringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql
Identity booleanControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- storage
Data stringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- {[key: string]: string}
- A mapping of tags which should be assigned to the Synapse Workspace.
- azure_
devops_ Workspacerepo Azure Devops Repo Args - An
azure_devops_repoblock as defined below. - azuread_
authentication_ boolonly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute_
subnet_ strid - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- connectivity_
endpoints Mapping[str, str] - A list of Connectivity endpoints for this Synapse Workspace.
- customer_
managed_ Workspacekey Customer Managed Key Args - A
customer_managed_keyblock as defined below. - data_
exfiltration_ boolprotection_ enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github_
repo WorkspaceGithub Repo Args - A
github_repoblock as defined below. - identity
Workspace
Identity Args - An
identityblock as defined below. - linking_
allowed_ Sequence[str]for_ aad_ tenant_ ids - Allowed AAD Tenant Ids For Linking.
- location str
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed_
resource_ strgroup_ name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed_
virtual_ boolnetwork_ enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name str
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public_
network_ boolaccess_ enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview_
id str - The ID of purview account.
- resource_
group_ strname - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- sql_
administrator_ strlogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql_
administrator_ strlogin_ password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql_
identity_ boolcontrol_ enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- storage_
data_ strlake_ gen2_ filesystem_ id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- Mapping[str, str]
- A mapping of tags which should be assigned to the Synapse Workspace.
- azure
Devops Property MapRepo - An
azure_devops_repoblock as defined below. - azuread
Authentication BooleanOnly - Is Azure Active Directory Authentication the only way to authenticate with resources inside this synapse Workspace. Defaults to
false. - compute
Subnet StringId - Subnet ID used for computes in workspace Changing this forces a new resource to be created.
- connectivity
Endpoints Map<String> - A list of Connectivity endpoints for this Synapse Workspace.
- customer
Managed Property MapKey - A
customer_managed_keyblock as defined below. - data
Exfiltration BooleanProtection Enabled - Is data exfiltration protection enabled in this workspace? If set to
true,managed_virtual_network_enabledmust also be set totrue. Changing this forces a new resource to be created. - github
Repo Property Map - A
github_repoblock as defined below. - identity Property Map
- An
identityblock as defined below. - linking
Allowed List<String>For Aad Tenant Ids - Allowed AAD Tenant Ids For Linking.
- location String
- Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created.
- managed
Resource StringGroup Name - Workspace managed resource group. Changing this forces a new resource to be created.
- managed
Virtual BooleanNetwork Enabled - Is Virtual Network enabled for all computes in this workspace? Changing this forces a new resource to be created.
- name String
- Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created.
- public
Network BooleanAccess Enabled - Whether public network access is allowed for the Cognitive Account. Defaults to
true. - purview
Id String - The ID of purview account.
- resource
Group StringName - Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created.
- sql
Administrator StringLogin - Specifies The login name of the SQL administrator. Changing this forces a new resource to be created. If this is not provided
customer_managed_keymust be provided. - sql
Administrator StringLogin Password - The Password associated with the
sql_administrator_loginfor the SQL administrator. If this is not providedcustomer_managed_keymust be provided. - sql
Identity BooleanControl Enabled - Are pipelines (running as workspace's system assigned identity) allowed to access SQL pools?
- storage
Data StringLake Gen2Filesystem Id - Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created.
- Map<String>
- A mapping of tags which should be assigned to the Synapse Workspace.
Supporting Types
WorkspaceAzureDevopsRepo, WorkspaceAzureDevopsRepoArgs
- Account
Name string - Specifies the Azure DevOps account name.
- Branch
Name string - Specifies the collaboration branch of the repository to get code from.
- Project
Name string - Specifies the name of the Azure DevOps project.
- Repository
Name string - Specifies the name of the git repository.
- Root
Folder string - Specifies the root folder within the repository. Set to
/for the top level. - Last
Commit stringId - The last commit ID.
- Tenant
Id string - the ID of the tenant for the Azure DevOps account.
- Account
Name string - Specifies the Azure DevOps account name.
- Branch
Name string - Specifies the collaboration branch of the repository to get code from.
- Project
Name string - Specifies the name of the Azure DevOps project.
- Repository
Name string - Specifies the name of the git repository.
- Root
Folder string - Specifies the root folder within the repository. Set to
/for the top level. - Last
Commit stringId - The last commit ID.
- Tenant
Id string - the ID of the tenant for the Azure DevOps account.
- account
Name String - Specifies the Azure DevOps account name.
- branch
Name String - Specifies the collaboration branch of the repository to get code from.
- project
Name String - Specifies the name of the Azure DevOps project.
- repository
Name String - Specifies the name of the git repository.
- root
Folder String - Specifies the root folder within the repository. Set to
/for the top level. - last
Commit StringId - The last commit ID.
- tenant
Id String - the ID of the tenant for the Azure DevOps account.
- account
Name string - Specifies the Azure DevOps account name.
- branch
Name string - Specifies the collaboration branch of the repository to get code from.
- project
Name string - Specifies the name of the Azure DevOps project.
- repository
Name string - Specifies the name of the git repository.
- root
Folder string - Specifies the root folder within the repository. Set to
/for the top level. - last
Commit stringId - The last commit ID.
- tenant
Id string - the ID of the tenant for the Azure DevOps account.
- account_
name str - Specifies the Azure DevOps account name.
- branch_
name str - Specifies the collaboration branch of the repository to get code from.
- project_
name str - Specifies the name of the Azure DevOps project.
- repository_
name str - Specifies the name of the git repository.
- root_
folder str - Specifies the root folder within the repository. Set to
/for the top level. - last_
commit_ strid - The last commit ID.
- tenant_
id str - the ID of the tenant for the Azure DevOps account.
- account
Name String - Specifies the Azure DevOps account name.
- branch
Name String - Specifies the collaboration branch of the repository to get code from.
- project
Name String - Specifies the name of the Azure DevOps project.
- repository
Name String - Specifies the name of the git repository.
- root
Folder String - Specifies the root folder within the repository. Set to
/for the top level. - last
Commit StringId - The last commit ID.
- tenant
Id String - the ID of the tenant for the Azure DevOps account.
WorkspaceCustomerManagedKey, WorkspaceCustomerManagedKeyArgs
- Key
Versionless stringId - The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption (e.g.
https://example-keyvault.vault.azure.net/type/cmk/). - Key
Name string - An identifier for the key. Name needs to match the name of the key used with the
azure.synapse.WorkspaceKeyresource. Defaults to "cmk" if not specified. - User
Assigned stringIdentity Id - The User Assigned Identity ID to be used for accessing the Customer Managed Key for encryption.
- Key
Versionless stringId - The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption (e.g.
https://example-keyvault.vault.azure.net/type/cmk/). - Key
Name string - An identifier for the key. Name needs to match the name of the key used with the
azure.synapse.WorkspaceKeyresource. Defaults to "cmk" if not specified. - User
Assigned stringIdentity Id - The User Assigned Identity ID to be used for accessing the Customer Managed Key for encryption.
- key
Versionless StringId - The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption (e.g.
https://example-keyvault.vault.azure.net/type/cmk/). - key
Name String - An identifier for the key. Name needs to match the name of the key used with the
azure.synapse.WorkspaceKeyresource. Defaults to "cmk" if not specified. - user
Assigned StringIdentity Id - The User Assigned Identity ID to be used for accessing the Customer Managed Key for encryption.
- key
Versionless stringId - The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption (e.g.
https://example-keyvault.vault.azure.net/type/cmk/). - key
Name string - An identifier for the key. Name needs to match the name of the key used with the
azure.synapse.WorkspaceKeyresource. Defaults to "cmk" if not specified. - user
Assigned stringIdentity Id - The User Assigned Identity ID to be used for accessing the Customer Managed Key for encryption.
- key_
versionless_ strid - The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption (e.g.
https://example-keyvault.vault.azure.net/type/cmk/). - key_
name str - An identifier for the key. Name needs to match the name of the key used with the
azure.synapse.WorkspaceKeyresource. Defaults to "cmk" if not specified. - user_
assigned_ stridentity_ id - The User Assigned Identity ID to be used for accessing the Customer Managed Key for encryption.
- key
Versionless StringId - The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption (e.g.
https://example-keyvault.vault.azure.net/type/cmk/). - key
Name String - An identifier for the key. Name needs to match the name of the key used with the
azure.synapse.WorkspaceKeyresource. Defaults to "cmk" if not specified. - user
Assigned StringIdentity Id - The User Assigned Identity ID to be used for accessing the Customer Managed Key for encryption.
WorkspaceGithubRepo, WorkspaceGithubRepoArgs
- Account
Name string - Specifies the GitHub account name.
- Branch
Name string - Specifies the collaboration branch of the repository to get code from.
- Repository
Name string - Specifies the name of the git repository.
- Root
Folder string - Specifies the root folder within the repository. Set to
/for the top level. - Git
Url string Specifies the GitHub Enterprise host name. For example: https://github.mydomain.com.
Note: You must log in to the Synapse UI to complete the authentication to the GitHub repository.
- Last
Commit stringId - The last commit ID.
- Account
Name string - Specifies the GitHub account name.
- Branch
Name string - Specifies the collaboration branch of the repository to get code from.
- Repository
Name string - Specifies the name of the git repository.
- Root
Folder string - Specifies the root folder within the repository. Set to
/for the top level. - Git
Url string Specifies the GitHub Enterprise host name. For example: https://github.mydomain.com.
Note: You must log in to the Synapse UI to complete the authentication to the GitHub repository.
- Last
Commit stringId - The last commit ID.
- account
Name String - Specifies the GitHub account name.
- branch
Name String - Specifies the collaboration branch of the repository to get code from.
- repository
Name String - Specifies the name of the git repository.
- root
Folder String - Specifies the root folder within the repository. Set to
/for the top level. - git
Url String Specifies the GitHub Enterprise host name. For example: https://github.mydomain.com.
Note: You must log in to the Synapse UI to complete the authentication to the GitHub repository.
- last
Commit StringId - The last commit ID.
- account
Name string - Specifies the GitHub account name.
- branch
Name string - Specifies the collaboration branch of the repository to get code from.
- repository
Name string - Specifies the name of the git repository.
- root
Folder string - Specifies the root folder within the repository. Set to
/for the top level. - git
Url string Specifies the GitHub Enterprise host name. For example: https://github.mydomain.com.
Note: You must log in to the Synapse UI to complete the authentication to the GitHub repository.
- last
Commit stringId - The last commit ID.
- account_
name str - Specifies the GitHub account name.
- branch_
name str - Specifies the collaboration branch of the repository to get code from.
- repository_
name str - Specifies the name of the git repository.
- root_
folder str - Specifies the root folder within the repository. Set to
/for the top level. - git_
url str Specifies the GitHub Enterprise host name. For example: https://github.mydomain.com.
Note: You must log in to the Synapse UI to complete the authentication to the GitHub repository.
- last_
commit_ strid - The last commit ID.
- account
Name String - Specifies the GitHub account name.
- branch
Name String - Specifies the collaboration branch of the repository to get code from.
- repository
Name String - Specifies the name of the git repository.
- root
Folder String - Specifies the root folder within the repository. Set to
/for the top level. - git
Url String Specifies the GitHub Enterprise host name. For example: https://github.mydomain.com.
Note: You must log in to the Synapse UI to complete the authentication to the GitHub repository.
- last
Commit StringId - The last commit ID.
WorkspaceIdentity, WorkspaceIdentityArgs
- Type string
- Specifies the type of Managed Service Identity that should be associated with this Synapse Workspace. Possible values are
SystemAssigned,UserAssignedandSystemAssigned, UserAssigned(to enable both). - Identity
Ids List<string> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace.
NOTE: This is required when
typeis set toUserAssignedorSystemAssigned, UserAssigned.- Principal
Id string - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- Tenant
Id string - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- Type string
- Specifies the type of Managed Service Identity that should be associated with this Synapse Workspace. Possible values are
SystemAssigned,UserAssignedandSystemAssigned, UserAssigned(to enable both). - Identity
Ids []string Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace.
NOTE: This is required when
typeis set toUserAssignedorSystemAssigned, UserAssigned.- Principal
Id string - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- Tenant
Id string - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- type String
- Specifies the type of Managed Service Identity that should be associated with this Synapse Workspace. Possible values are
SystemAssigned,UserAssignedandSystemAssigned, UserAssigned(to enable both). - identity
Ids List<String> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace.
NOTE: This is required when
typeis set toUserAssignedorSystemAssigned, UserAssigned.- principal
Id String - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- tenant
Id String - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- type string
- Specifies the type of Managed Service Identity that should be associated with this Synapse Workspace. Possible values are
SystemAssigned,UserAssignedandSystemAssigned, UserAssigned(to enable both). - identity
Ids string[] Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace.
NOTE: This is required when
typeis set toUserAssignedorSystemAssigned, UserAssigned.- principal
Id string - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- tenant
Id string - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- type str
- Specifies the type of Managed Service Identity that should be associated with this Synapse Workspace. Possible values are
SystemAssigned,UserAssignedandSystemAssigned, UserAssigned(to enable both). - identity_
ids Sequence[str] Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace.
NOTE: This is required when
typeis set toUserAssignedorSystemAssigned, UserAssigned.- principal_
id str - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- tenant_
id str - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- type String
- Specifies the type of Managed Service Identity that should be associated with this Synapse Workspace. Possible values are
SystemAssigned,UserAssignedandSystemAssigned, UserAssigned(to enable both). - identity
Ids List<String> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace.
NOTE: This is required when
typeis set toUserAssignedorSystemAssigned, UserAssigned.- principal
Id String - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
- tenant
Id String - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace.
Import
Synapse Workspace can be imported using the resource id, e.g.
$ pulumi import azure:synapse/workspace:Workspace example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.