Merge pull request #13276 from owenfarrell/synapse-vulnerability-asse…

…ssment Add capability to enable vulnerability assessments for Azure Synapse SQL Pools
hashicorp · Sep 16, 2021 · 7d11ede · 7d11ede
2 parents 267dbe5 + bdd4d1a
commit 7d11ede
Show file tree

Hide file tree

Showing 31 changed files with 3,531 additions and 10 deletions.
diff --git a/internal/services/synapse/client/client.go b/internal/services/synapse/client/client.go
@@ -18,10 +18,14 @@ type Client struct {
 	PrivateLinkHubsClient                            *synapse.PrivateLinkHubsClient
 	SparkPoolClient                                  *synapse.BigDataPoolsClient
 	SqlPoolClient                                    *synapse.SQLPoolsClient
+	SqlPoolSecurityAlertPolicyClient                 *synapse.SQLPoolSecurityAlertPoliciesClient
 	SqlPoolTransparentDataEncryptionClient           *synapse.SQLPoolTransparentDataEncryptionsClient
+	SqlPoolVulnerabilityAssessmentsClient            *synapse.SQLPoolVulnerabilityAssessmentsClient
 	WorkspaceClient                                  *synapse.WorkspacesClient
 	WorkspaceAadAdminsClient                         *synapse.WorkspaceAadAdminsClient
 	WorkspaceManagedIdentitySQLControlSettingsClient *synapse.WorkspaceManagedIdentitySQLControlSettingsClient
+	WorkspaceSecurityAlertPolicyClient               *synapse.WorkspaceManagedSQLServerSecurityAlertPolicyClient
+	WorkspaceVulnerabilityAssessmentsClient          *synapse.WorkspaceManagedSQLServerVulnerabilityAssessmentsClient
 
 	synapseAuthorizer autorest.Authorizer
 }
@@ -46,9 +50,15 @@ func NewClient(o *common.ClientOptions) *Client {
 	sqlPoolClient := synapse.NewSQLPoolsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&sqlPoolClient.Client, o.ResourceManagerAuthorizer)
 
+	sqlPoolSecurityAlertPolicyClient := synapse.NewSQLPoolSecurityAlertPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&sqlPoolSecurityAlertPolicyClient.Client, o.ResourceManagerAuthorizer)
+
 	sqlPoolTransparentDataEncryptionClient := synapse.NewSQLPoolTransparentDataEncryptionsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&sqlPoolTransparentDataEncryptionClient.Client, o.ResourceManagerAuthorizer)
 
+	sqlPoolVulnerabilityAssessmentsClient := synapse.NewSQLPoolVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&sqlPoolVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer)
+
 	workspaceClient := synapse.NewWorkspacesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&workspaceClient.Client, o.ResourceManagerAuthorizer)
 
@@ -58,17 +68,27 @@ func NewClient(o *common.ClientOptions) *Client {
 	workspaceManagedIdentitySQLControlSettingsClient := synapse.NewWorkspaceManagedIdentitySQLControlSettingsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&workspaceManagedIdentitySQLControlSettingsClient.Client, o.ResourceManagerAuthorizer)
 
+	workspaceSecurityAlertPolicyClient := synapse.NewWorkspaceManagedSQLServerSecurityAlertPolicyClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&workspaceSecurityAlertPolicyClient.Client, o.ResourceManagerAuthorizer)
+
+	workspaceVulnerabilityAssessmentsClient := synapse.NewWorkspaceManagedSQLServerVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&workspaceVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer)
+
 	return &Client{
 		FirewallRulesClient:                              &firewallRuleClient,
 		IntegrationRuntimesClient:                        &integrationRuntimesClient,
 		IntegrationRuntimeAuthKeysClient:                 &integrationRuntimeAuthKeysClient,
 		PrivateLinkHubsClient:                            &privateLinkHubsClient,
 		SparkPoolClient:                                  &sparkPoolClient,
 		SqlPoolClient:                                    &sqlPoolClient,
+		SqlPoolSecurityAlertPolicyClient:                 &sqlPoolSecurityAlertPolicyClient,
 		SqlPoolTransparentDataEncryptionClient:           &sqlPoolTransparentDataEncryptionClient,
+		SqlPoolVulnerabilityAssessmentsClient:            &sqlPoolVulnerabilityAssessmentsClient,
 		WorkspaceClient:                                  &workspaceClient,
 		WorkspaceAadAdminsClient:                         &workspaceAadAdminsClient,
 		WorkspaceManagedIdentitySQLControlSettingsClient: &workspaceManagedIdentitySQLControlSettingsClient,
+		WorkspaceSecurityAlertPolicyClient:               &workspaceSecurityAlertPolicyClient,
+		WorkspaceVulnerabilityAssessmentsClient:          &workspaceVulnerabilityAssessmentsClient,
 
 		synapseAuthorizer: o.SynapseAuthorizer,
 	}

diff --git a/internal/services/synapse/parse/sql_pool_security_alert_policy.go b/internal/services/synapse/parse/sql_pool_security_alert_policy.go
@@ -0,0 +1,81 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
+)
+
+type SqlPoolSecurityAlertPolicyId struct {
+	SubscriptionId          string
+	ResourceGroup           string
+	WorkspaceName           string
+	SqlPoolName             string
+	SecurityAlertPolicyName string
+}
+
+func NewSqlPoolSecurityAlertPolicyID(subscriptionId, resourceGroup, workspaceName, sqlPoolName, securityAlertPolicyName string) SqlPoolSecurityAlertPolicyId {
+	return SqlPoolSecurityAlertPolicyId{
+		SubscriptionId:          subscriptionId,
+		ResourceGroup:           resourceGroup,
+		WorkspaceName:           workspaceName,
+		SqlPoolName:             sqlPoolName,
+		SecurityAlertPolicyName: securityAlertPolicyName,
+	}
+}
+
+func (id SqlPoolSecurityAlertPolicyId) String() string {
+	segments := []string{
+		fmt.Sprintf("Security Alert Policy Name %q", id.SecurityAlertPolicyName),
+		fmt.Sprintf("Sql Pool Name %q", id.SqlPoolName),
+		fmt.Sprintf("Workspace Name %q", id.WorkspaceName),
+		fmt.Sprintf("Resource Group %q", id.ResourceGroup),
+	}
+	segmentsStr := strings.Join(segments, " / ")
+	return fmt.Sprintf("%s: (%s)", "Sql Pool Security Alert Policy", segmentsStr)
+}
+
+func (id SqlPoolSecurityAlertPolicyId) ID() string {
+	fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Synapse/workspaces/%s/sqlPools/%s/securityAlertPolicies/%s"
+	return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.SecurityAlertPolicyName)
+}
+
+// SqlPoolSecurityAlertPolicyID parses a SqlPoolSecurityAlertPolicy ID into an SqlPoolSecurityAlertPolicyId struct
+func SqlPoolSecurityAlertPolicyID(input string) (*SqlPoolSecurityAlertPolicyId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	resourceId := SqlPoolSecurityAlertPolicyId{
+		SubscriptionId: id.SubscriptionID,
+		ResourceGroup:  id.ResourceGroup,
+	}
+
+	if resourceId.SubscriptionId == "" {
+		return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
+	}
+
+	if resourceId.ResourceGroup == "" {
+		return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
+	}
+
+	if resourceId.WorkspaceName, err = id.PopSegment("workspaces"); err != nil {
+		return nil, err
+	}
+	if resourceId.SqlPoolName, err = id.PopSegment("sqlPools"); err != nil {
+		return nil, err
+	}
+	if resourceId.SecurityAlertPolicyName, err = id.PopSegment("securityAlertPolicies"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &resourceId, nil
+}
diff --git a/internal/services/synapse/parse/sql_pool_security_alert_policy_test.go b/internal/services/synapse/parse/sql_pool_security_alert_policy_test.go
@@ -0,0 +1,144 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/resourceid"
+)
+
+var _ resourceid.Formatter = SqlPoolSecurityAlertPolicyId{}
+
+func TestSqlPoolSecurityAlertPolicyIDFormatter(t *testing.T) {
+	actual := NewSqlPoolSecurityAlertPolicyID("12345678-1234-9876-4563-123456789012", "resGroup1", "workspace1", "sqlPool1", "Default").ID()
+	expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/Default"
+	if actual != expected {
+		t.Fatalf("Expected %q but got %q", expected, actual)
+	}
+}
+
+func TestSqlPoolSecurityAlertPolicyID(t *testing.T) {
+	testData := []struct {
+		Input    string
+		Error    bool
+		Expected *SqlPoolSecurityAlertPolicyId
+	}{
+
+		{
+			// empty
+			Input: "",
+			Error: true,
+		},
+
+		{
+			// missing SubscriptionId
+			Input: "/",
+			Error: true,
+		},
+
+		{
+			// missing value for SubscriptionId
+			Input: "/subscriptions/",
+			Error: true,
+		},
+
+		{
+			// missing ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/",
+			Error: true,
+		},
+
+		{
+			// missing value for ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/",
+			Error: true,
+		},
+
+		{
+			// missing WorkspaceName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/",
+			Error: true,
+		},
+
+		{
+			// missing value for WorkspaceName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/",
+			Error: true,
+		},
+
+		{
+			// missing SqlPoolName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/",
+			Error: true,
+		},
+
+		{
+			// missing value for SqlPoolName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/",
+			Error: true,
+		},
+
+		{
+			// missing SecurityAlertPolicyName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/",
+			Error: true,
+		},
+
+		{
+			// missing value for SecurityAlertPolicyName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/",
+			Error: true,
+		},
+
+		{
+			// valid
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/Default",
+			Expected: &SqlPoolSecurityAlertPolicyId{
+				SubscriptionId:          "12345678-1234-9876-4563-123456789012",
+				ResourceGroup:           "resGroup1",
+				WorkspaceName:           "workspace1",
+				SqlPoolName:             "sqlPool1",
+				SecurityAlertPolicyName: "Default",
+			},
+		},
+
+		{
+			// upper-cased
+			Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.SYNAPSE/WORKSPACES/WORKSPACE1/SQLPOOLS/SQLPOOL1/SECURITYALERTPOLICIES/DEFAULT",
+			Error: true,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q", v.Input)
+
+		actual, err := SqlPoolSecurityAlertPolicyID(v.Input)
+		if err != nil {
+			if v.Error {
+				continue
+			}
+
+			t.Fatalf("Expect a value but got an error: %s", err)
+		}
+		if v.Error {
+			t.Fatal("Expect an error but didn't get one")
+		}
+
+		if actual.SubscriptionId != v.Expected.SubscriptionId {
+			t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId)
+		}
+		if actual.ResourceGroup != v.Expected.ResourceGroup {
+			t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup)
+		}
+		if actual.WorkspaceName != v.Expected.WorkspaceName {
+			t.Fatalf("Expected %q but got %q for WorkspaceName", v.Expected.WorkspaceName, actual.WorkspaceName)
+		}
+		if actual.SqlPoolName != v.Expected.SqlPoolName {
+			t.Fatalf("Expected %q but got %q for SqlPoolName", v.Expected.SqlPoolName, actual.SqlPoolName)
+		}
+		if actual.SecurityAlertPolicyName != v.Expected.SecurityAlertPolicyName {
+			t.Fatalf("Expected %q but got %q for SecurityAlertPolicyName", v.Expected.SecurityAlertPolicyName, actual.SecurityAlertPolicyName)
+		}
+	}
+}
diff --git a/internal/services/synapse/parse/sql_pool_vulnerability_assessment.go b/internal/services/synapse/parse/sql_pool_vulnerability_assessment.go
@@ -0,0 +1,81 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
+)
+
+type SqlPoolVulnerabilityAssessmentId struct {
+	SubscriptionId              string
+	ResourceGroup               string
+	WorkspaceName               string
+	SqlPoolName                 string
+	VulnerabilityAssessmentName string
+}
+
+func NewSqlPoolVulnerabilityAssessmentID(subscriptionId, resourceGroup, workspaceName, sqlPoolName, vulnerabilityAssessmentName string) SqlPoolVulnerabilityAssessmentId {
+	return SqlPoolVulnerabilityAssessmentId{
+		SubscriptionId:              subscriptionId,
+		ResourceGroup:               resourceGroup,
+		WorkspaceName:               workspaceName,
+		SqlPoolName:                 sqlPoolName,
+		VulnerabilityAssessmentName: vulnerabilityAssessmentName,
+	}
+}
+
+func (id SqlPoolVulnerabilityAssessmentId) String() string {
+	segments := []string{
+		fmt.Sprintf("Vulnerability Assessment Name %q", id.VulnerabilityAssessmentName),
+		fmt.Sprintf("Sql Pool Name %q", id.SqlPoolName),
+		fmt.Sprintf("Workspace Name %q", id.WorkspaceName),
+		fmt.Sprintf("Resource Group %q", id.ResourceGroup),
+	}
+	segmentsStr := strings.Join(segments, " / ")
+	return fmt.Sprintf("%s: (%s)", "Sql Pool Vulnerability Assessment", segmentsStr)
+}
+
+func (id SqlPoolVulnerabilityAssessmentId) ID() string {
+	fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Synapse/workspaces/%s/sqlPools/%s/vulnerabilityAssessments/%s"
+	return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.SqlPoolName, id.VulnerabilityAssessmentName)
+}
+
+// SqlPoolVulnerabilityAssessmentID parses a SqlPoolVulnerabilityAssessment ID into an SqlPoolVulnerabilityAssessmentId struct
+func SqlPoolVulnerabilityAssessmentID(input string) (*SqlPoolVulnerabilityAssessmentId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	resourceId := SqlPoolVulnerabilityAssessmentId{
+		SubscriptionId: id.SubscriptionID,
+		ResourceGroup:  id.ResourceGroup,
+	}
+
+	if resourceId.SubscriptionId == "" {
+		return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
+	}
+
+	if resourceId.ResourceGroup == "" {
+		return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
+	}
+
+	if resourceId.WorkspaceName, err = id.PopSegment("workspaces"); err != nil {
+		return nil, err
+	}
+	if resourceId.SqlPoolName, err = id.PopSegment("sqlPools"); err != nil {
+		return nil, err
+	}
+	if resourceId.VulnerabilityAssessmentName, err = id.PopSegment("vulnerabilityAssessments"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &resourceId, nil
+}