admin child template

elanzel · Jun 13, 2024 · 0920b1c · 0920b1c
1 parent 104244f
commit 0920b1c
Show file tree

Hide file tree

Showing 9 changed files with 561 additions and 84 deletions.
diff --git a/avm/res/synapse/workspace/README.md b/avm/res/synapse/workspace/README.md
@@ -27,6 +27,7 @@ This module deploys a Synapse Workspace.
 | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 | `Microsoft.Synapse/workspaces` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces) |
+| `Microsoft.Synapse/workspaces/administrators` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces/administrators) |
 | `Microsoft.Synapse/workspaces/integrationRuntimes` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces/integrationRuntimes) |
 | `Microsoft.Synapse/workspaces/keys` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces/keys) |
 
@@ -346,6 +347,11 @@ module workspace 'br/public:avm/res/synapse/workspace:<version>' = {
     name: 'swmax001'
     sqlAdministratorLogin: 'synwsadmin'
     // Non-required parameters
+    administrator: {
+      administratorType: 'ServicePrincipal'
+      login: 'dep-msi-swmax'
+      sid: '<sid>'
+    }
     diagnosticSettings: [
       {
         eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
@@ -469,6 +475,13 @@ module workspace 'br/public:avm/res/synapse/workspace:<version>' = {
       "value": "synwsadmin"
     },
     // Non-required parameters
+    "administrator": {
+      "value": {
+        "administratorType": "ServicePrincipal",
+        "login": "dep-msi-swmax",
+        "sid": "<sid>"
+      }
+    },
     "diagnosticSettings": {
       "value": [
         {
@@ -758,6 +771,7 @@ module workspace 'br/public:avm/res/synapse/workspace:<version>' = {
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
 | [`accountUrl`](#parameter-accounturl) | string | The account URL of the data lake storage account. |
+| [`administrator`](#parameter-administrator) | object | The Entra ID administrator for the synapse workspace. |
 | [`allowedAadTenantIdsForLinking`](#parameter-allowedaadtenantidsforlinking) | array | Allowed AAD Tenant IDs For Linking. |
 | [`azureADOnlyAuthentication`](#parameter-azureadonlyauthentication) | bool | Enable or Disable AzureADOnlyAuthentication on All Workspace sub-resource. |
 | [`customerManagedKey`](#parameter-customermanagedkey) | object | The customer managed key definition. |
@@ -818,6 +832,43 @@ The account URL of the data lake storage account.
 - Type: string
 - Default: `[format('https://{0}.dfs.{1}', last(split(parameters('defaultDataLakeStorageAccountResourceId'), '/')), environment().suffixes.storage)]`
 
+### Parameter: `administrator`
+
+The Entra ID administrator for the synapse workspace.
+
+- Required: No
+- Type: object
+- Default: `{}`
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`administratorType`](#parameter-administratoradministratortype) | string | Workspace active directory administrator type. |
+| [`login`](#parameter-administratorlogin) | securestring | Login of the workspace active directory administrator. |
+| [`sid`](#parameter-administratorsid) | securestring | Object ID of the workspace active directory administrator. |
+
+### Parameter: `administrator.administratorType`
+
+Workspace active directory administrator type.
+
+- Required: No
+- Type: string
+
+### Parameter: `administrator.login`
+
+Login of the workspace active directory administrator.
+
+- Required: No
+- Type: securestring
+
+### Parameter: `administrator.sid`
+
+Object ID of the workspace active directory administrator.
+
+- Required: No
+- Type: securestring
+
 ### Parameter: `allowedAadTenantIdsForLinking`
 
 Allowed AAD Tenant IDs For Linking.

diff --git a/avm/res/synapse/workspace/administrators/README.md b/avm/res/synapse/workspace/administrators/README.md
@@ -0,0 +1,91 @@
+# Synapse Workspaces Administrators `[Microsoft.Synapse/workspaces/administrators]`
+
+This module deploys Synapse Workspaces Administrators.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Data Collection](#Data-Collection)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Synapse/workspaces/administrators` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces/administrators) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`administrator`](#parameter-administrator) | object | The administrators definition. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`workspaceName`](#parameter-workspacename) | string | The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. |
+
+### Parameter: `administrator`
+
+The administrators definition.
+
+- Required: Yes
+- Type: object
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`administratorType`](#parameter-administratoradministratortype) | string | Workspace active directory administrator type. |
+| [`login`](#parameter-administratorlogin) | securestring | Login of the workspace active directory administrator. |
+| [`sid`](#parameter-administratorsid) | securestring | Object ID of the workspace active directory administrator. |
+
+### Parameter: `administrator.administratorType`
+
+Workspace active directory administrator type.
+
+- Required: No
+- Type: string
+
+### Parameter: `administrator.login`
+
+Login of the workspace active directory administrator.
+
+- Required: No
+- Type: securestring
+
+### Parameter: `administrator.sid`
+
+Object ID of the workspace active directory administrator.
+
+- Required: No
+- Type: securestring
+
+### Parameter: `workspaceName`
+
+The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the deployed administrator. |
+| `resourceGroupName` | string | The resource group of the deployed administrator. |
+| `resourceId` | string | The resource ID of the deployed administrator. |
+
+## Cross-referenced modules
+
+_None_
+
+## Data Collection
+
+The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at <https://go.microsoft.com/fwlink/?LinkID=824704>. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
diff --git a/avm/res/synapse/workspace/administrators/main.bicep b/avm/res/synapse/workspace/administrators/main.bicep
@@ -0,0 +1,51 @@
+metadata name = 'Synapse Workspaces Administrators'
+metadata description = 'This module deploys Synapse Workspaces Administrators.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment.')
+param workspaceName string
+
+@description('Required. The administrators definition.')
+param administrator adminType
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' existing = {
+  name: workspaceName
+}
+
+resource synapse_workspace_administrator 'Microsoft.Synapse/workspaces/administrators@2021-06-01' = if (!empty(administrator)) {
+  name: 'activeDirectory'
+  parent: workspace
+  properties: {
+    administratorType: administrator.administratorType
+    login: administrator.login
+    sid: administrator.sid
+    tenantId: subscription().tenantId
+  }
+}
+
+@description('The name of the deployed administrator.')
+output name string = synapse_workspace_administrator.name
+
+@description('The resource ID of the deployed administrator.')
+output resourceId string = synapse_workspace_administrator.id
+
+@description('The resource group of the deployed administrator.')
+output resourceGroupName string = resourceGroup().name
+
+// ================ //
+// Definitions      //
+// ================ //
+
+@export()
+type adminType = {
+  @description('Optional. Workspace active directory administrator type.')
+  administratorType: string?
+
+  @description('Optional. Login of the workspace active directory administrator.')
+  @secure()
+  login: string?
+
+  @description('Optional. Object ID of the workspace active directory administrator.')
+  @secure()
+  sid: string?
+}
diff --git a/avm/res/synapse/workspace/administrators/main.json b/avm/res/synapse/workspace/administrators/main.json
@@ -0,0 +1,106 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "languageVersion": "2.0",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.28.1.47646",
+      "templateHash": "1990066188266359857"
+    },
+    "name": "Synapse Workspaces Administrators",
+    "description": "This module deploys Synapse Workspaces Administrators.",
+    "owner": "Azure/module-maintainers"
+  },
+  "definitions": {
+    "adminType": {
+      "type": "object",
+      "properties": {
+        "administratorType": {
+          "type": "string",
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. Workspace active directory administrator type."
+          }
+        },
+        "login": {
+          "type": "securestring",
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. Login of the workspace active directory administrator."
+          }
+        },
+        "sid": {
+          "type": "securestring",
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. Object ID of the workspace active directory administrator."
+          }
+        }
+      },
+      "metadata": {
+        "__bicep_export!": true
+      }
+    }
+  },
+  "parameters": {
+    "workspaceName": {
+      "type": "string",
+      "metadata": {
+        "description": "Conditional. The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment."
+      }
+    },
+    "administrator": {
+      "$ref": "#/definitions/adminType",
+      "metadata": {
+        "description": "Required. The administrators definition."
+      }
+    }
+  },
+  "resources": {
+    "workspace": {
+      "existing": true,
+      "type": "Microsoft.Synapse/workspaces",
+      "apiVersion": "2021-06-01",
+      "name": "[parameters('workspaceName')]"
+    },
+    "synapse_workspace_administrator": {
+      "condition": "[not(empty(parameters('administrator')))]",
+      "type": "Microsoft.Synapse/workspaces/administrators",
+      "apiVersion": "2021-06-01",
+      "name": "[format('{0}/{1}', parameters('workspaceName'), 'activeDirectory')]",
+      "properties": {
+        "administratorType": "[parameters('administrator').administratorType]",
+        "login": "[parameters('administrator').login]",
+        "sid": "[parameters('administrator').sid]",
+        "tenantId": "[subscription().tenantId]"
+      },
+      "dependsOn": [
+        "workspace"
+      ]
+    }
+  },
+  "outputs": {
+    "name": {
+      "type": "string",
+      "metadata": {
+        "description": "The name of the deployed administrator."
+      },
+      "value": "activeDirectory"
+    },
+    "resourceId": {
+      "type": "string",
+      "metadata": {
+        "description": "The resource ID of the deployed administrator."
+      },
+      "value": "[resourceId('Microsoft.Synapse/workspaces/administrators', parameters('workspaceName'), 'activeDirectory')]"
+    },
+    "resourceGroupName": {
+      "type": "string",
+      "metadata": {
+        "description": "The resource group of the deployed administrator."
+      },
+      "value": "[resourceGroup().name]"
+    }
+  }
+}
diff --git a/avm/res/synapse/workspace/integration-runtime/main.json b/avm/res/synapse/workspace/integration-runtime/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.170.59819",
-      "templateHash": "12068224449891293218"
+      "version": "0.28.1.47646",
+      "templateHash": "12071965359188483950"
     },
     "name": "Synapse Workspace Integration Runtimes",
     "description": "This module deploys a Synapse Workspace Integration Runtime.",

diff --git a/avm/res/synapse/workspace/key/main.json b/avm/res/synapse/workspace/key/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.170.59819",
-      "templateHash": "15295521192306502787"
+      "version": "0.28.1.47646",
+      "templateHash": "17207449952619386820"
     },
     "name": "Synapse Workspaces Keys",
     "description": "This module deploys a Synapse Workspaces Key.",