This repository was archived by the owner on Jan 30, 2025. It is now read-only.

Commit 38fc344

Azure Active Directory support for Synapse (Azure#259)
1 parent 89613db commit 38fc344


22 files changed

+1110
-225
lines changed

Lines changed: 172 additions & 147 deletions
@@ -1,147 +1,172 @@
1-
// ----------------------------------------------------------------------------------
2-
// Copyright (c) Microsoft Corporation.
3-
// Licensed under the MIT license.
4-
//
5-
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
6-
// EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES
7-
// OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
8-
// ----------------------------------------------------------------------------------
9-
10-
@description('Location for the deployment.')
11-
param location string = resourceGroup().location
12-
13-
@description('Synapse Analytics name.')
14-
param name string
15-
16-
@description('Key/Value pair of tags.')
17-
param tags object = {}
18-
19-
@description('Synapse Analytics Managed Resource Group Name.')
20-
param managedResourceGroupName string
21-
22-
// ADLS Gen 2
23-
@description('Azure Data Lake Store Gen2 Resource Group Name.')
24-
param adlsResourceGroupName string
25-
26-
@description('Azure Data Lake Store Gen2 Name.')
27-
param adlsName string
28-
29-
@description('Azure Data Lake Store File System Name.')
30-
param adlsFSName string
31-
32-
// Credentials
33-
@description('Synapse Analytics Username.')
34-
@secure()
35-
param synapseUsername string
36-
37-
@description('Synapse Analytics Password.')
38-
@secure()
39-
param synapsePassword string
40-
41-
// Networking
42-
@description('Private Endpoint Subnet Resource Id.')
43-
param privateEndpointSubnetId string
44-
45-
@description('Private DNS Zone Resource Id.')
46-
param synapsePrivateZoneId string
47-
48-
@description('Private DNS Zone Resource Id for Dev.')
49-
param synapseDevPrivateZoneId string
50-
51-
@description('Private DNS Zone Resource Id for Sql.')
52-
param synapseSqlPrivateZoneId string
53-
54-
// SQL Vulnerability Scanning
55-
@description('SQL Vulnerability Scanning - Security Contact email address for alerts.')
56-
param sqlVulnerabilitySecurityContactEmail string
57-
58-
@description('SQL Vulnerability Scanning - Storage Account Resource Group.')
59-
param sqlVulnerabilityLoggingStorageAccounResourceGroupName string
60-
61-
@description('SQL Vulnerability Scanning - Storage Account Name.')
62-
param sqlVulnerabilityLoggingStorageAccountName string
63-
64-
@description('SQL Vulnerability Scanning - Storage Account Path to store the vulnerability scan results.')
65-
param sqlVulnerabilityLoggingStoragePath string
66-
67-
// Deployment Script Identity
68-
@description('Deployment Script Identity Resource Id. This identity is used to execute Azure CLI as part of the deployment.')
69-
param deploymentScriptIdentityId string
70-
71-
// Customer Managed Key
72-
@description('Boolean flag that determines whether to enable Customer Managed Key.')
73-
param useCMK bool
74-
75-
// Azure Key Vault
76-
@description('Azure Key Vault Resource Group Name. Required when useCMK=true.')
77-
param akvResourceGroupName string
78-
79-
@description('Azure Key Vault Name. Required when useCMK=true.')
80-
param akvName string
81-
82-
// Synapse Analytics without Customer Managed Key
83-
module synapseWithoutCMK 'synapse-without-cmk.bicep' = if (!useCMK) {
84-
name: 'deploy-synapse-without-cmk'
85-
params: {
86-
name: name
87-
tags: tags
88-
location: location
89-
90-
adlsResourceGroupName: adlsResourceGroupName
91-
adlsName: adlsName
92-
adlsFSName: adlsFSName
93-
94-
managedResourceGroupName: managedResourceGroupName
95-
96-
synapseUsername: synapseUsername
97-
synapsePassword: synapsePassword
98-
99-
privateEndpointSubnetId: privateEndpointSubnetId
100-
synapsePrivateZoneId: synapsePrivateZoneId
101-
synapseDevPrivateZoneId: synapseDevPrivateZoneId
102-
synapseSqlPrivateZoneId: synapseSqlPrivateZoneId
103-
104-
sqlVulnerabilitySecurityContactEmail: sqlVulnerabilitySecurityContactEmail
105-
106-
sqlVulnerabilityLoggingStorageAccounResourceGroupName: sqlVulnerabilityLoggingStorageAccounResourceGroupName
107-
sqlVulnerabilityLoggingStorageAccountName: sqlVulnerabilityLoggingStorageAccountName
108-
sqlVulnerabilityLoggingStoragePath: sqlVulnerabilityLoggingStoragePath
109-
110-
deploymentScriptIdentityId: deploymentScriptIdentityId
111-
}
112-
}
113-
114-
// Synapse Analytics with Customer Managed Key
115-
module synapseWithCMK 'synapse-with-cmk.bicep' = if (useCMK) {
116-
name: 'deploy-synapse-with-cmk'
117-
params: {
118-
name: name
119-
tags: tags
120-
location: location
121-
122-
adlsResourceGroupName: adlsResourceGroupName
123-
adlsName: adlsName
124-
adlsFSName: adlsFSName
125-
126-
managedResourceGroupName: managedResourceGroupName
127-
128-
synapseUsername: synapseUsername
129-
synapsePassword: synapsePassword
130-
131-
privateEndpointSubnetId: privateEndpointSubnetId
132-
synapsePrivateZoneId: synapsePrivateZoneId
133-
synapseDevPrivateZoneId: synapseDevPrivateZoneId
134-
synapseSqlPrivateZoneId: synapseSqlPrivateZoneId
135-
136-
sqlVulnerabilitySecurityContactEmail: sqlVulnerabilitySecurityContactEmail
137-
138-
sqlVulnerabilityLoggingStorageAccounResourceGroupName: sqlVulnerabilityLoggingStorageAccounResourceGroupName
139-
sqlVulnerabilityLoggingStorageAccountName: sqlVulnerabilityLoggingStorageAccountName
140-
sqlVulnerabilityLoggingStoragePath: sqlVulnerabilityLoggingStoragePath
141-
142-
deploymentScriptIdentityId: deploymentScriptIdentityId
143-
144-
akvResourceGroupName: akvResourceGroupName
145-
akvName: akvName
146-
}
147-
}
1+
// ----------------------------------------------------------------------------------
2+
// Copyright (c) Microsoft Corporation.
3+
// Licensed under the MIT license.
4+
//
5+
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
6+
// EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES
7+
// OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
8+
// ----------------------------------------------------------------------------------
9+
10+
@description('Location for the deployment.')
11+
param location string = resourceGroup().location
12+
13+
@description('Synapse Analytics name.')
14+
param name string
15+
16+
@description('Key/Value pair of tags.')
17+
param tags object = {}
18+
19+
@description('Synapse Analytics Managed Resource Group Name.')
20+
param managedResourceGroupName string
21+
22+
// ADLS Gen 2
23+
@description('Azure Data Lake Store Gen2 Resource Group Name.')
24+
param adlsResourceGroupName string
25+
26+
@description('Azure Data Lake Store Gen2 Name.')
27+
param adlsName string
28+
29+
@description('Azure Data Lake Store File System Name.')
30+
param adlsFSName string
31+
32+
// Credentials
33+
@description('use Azure AD only authentication or mix of both AAD and SQL authentication')
34+
param aadAuthenticationOnly bool
35+
36+
@description('Azure AD principal name, in the format of firstname last name')
37+
param aadLoginName string =''
38+
39+
@description('AAD account object id')
40+
param aadLoginObjectID string=''
41+
42+
@description('AAD account type with options User, Group, Application. Default: Group')
43+
@allowed([
44+
'User'
45+
'Group'
46+
'Application'
47+
])
48+
param aadLoginType string = 'Group'
49+
50+
@description('Synapse Analytics Username.')
51+
@secure()
52+
param sqlAuthenticationUsername string
53+
54+
@description('Synapse Analytics Password.')
55+
@secure()
56+
param sqlAuthenticationPassword string
57+
58+
// Networking
59+
@description('Private Endpoint Subnet Resource Id.')
60+
param privateEndpointSubnetId string
61+
62+
@description('Private DNS Zone Resource Id.')
63+
param synapsePrivateZoneId string
64+
65+
@description('Private DNS Zone Resource Id for Dev.')
66+
param synapseDevPrivateZoneId string
67+
68+
@description('Private DNS Zone Resource Id for Sql.')
69+
param synapseSqlPrivateZoneId string
70+
71+
// SQL Vulnerability Scanning
72+
@description('SQL Vulnerability Scanning - Security Contact email address for alerts.')
73+
param sqlVulnerabilitySecurityContactEmail string
74+
75+
@description('SQL Vulnerability Scanning - Storage Account Resource Group.')
76+
param sqlVulnerabilityLoggingStorageAccounResourceGroupName string
77+
78+
@description('SQL Vulnerability Scanning - Storage Account Name.')
79+
param sqlVulnerabilityLoggingStorageAccountName string
80+
81+
@description('SQL Vulnerability Scanning - Storage Account Path to store the vulnerability scan results.')
82+
param sqlVulnerabilityLoggingStoragePath string
83+
84+
// Deployment Script Identity
85+
@description('Deployment Script Identity Resource Id. This identity is used to execute Azure CLI as part of the deployment.')
86+
param deploymentScriptIdentityId string
87+
88+
// Customer Managed Key
89+
@description('Boolean flag that determines whether to enable Customer Managed Key.')
90+
param useCMK bool
91+
92+
// Azure Key Vault
93+
@description('Azure Key Vault Resource Group Name. Required when useCMK=true.')
94+
param akvResourceGroupName string
95+
96+
@description('Azure Key Vault Name. Required when useCMK=true.')
97+
param akvName string
98+
99+
// Synapse Analytics without Customer Managed Key
100+
module synapseWithoutCMK 'synapse-without-cmk.bicep' = if (!useCMK) {
101+
name: 'deploy-synapse-without-cmk'
102+
params: {
103+
name: name
104+
tags: tags
105+
location: location
106+
107+
adlsResourceGroupName: adlsResourceGroupName
108+
adlsName: adlsName
109+
adlsFSName: adlsFSName
110+
111+
managedResourceGroupName: managedResourceGroupName
112+
113+
aadAuthenticationOnly: aadAuthenticationOnly
114+
aadLoginName: aadLoginName
115+
aadLoginObjectID: aadLoginObjectID
116+
aadLoginType: aadLoginType
117+
sqlAuthenticationUsername: sqlAuthenticationUsername
118+
sqlAuthenticationPassword: sqlAuthenticationPassword
119+
120+
privateEndpointSubnetId: privateEndpointSubnetId
121+
synapsePrivateZoneId: synapsePrivateZoneId
122+
synapseDevPrivateZoneId: synapseDevPrivateZoneId
123+
synapseSqlPrivateZoneId: synapseSqlPrivateZoneId
124+
125+
sqlVulnerabilitySecurityContactEmail: sqlVulnerabilitySecurityContactEmail
126+
127+
sqlVulnerabilityLoggingStorageAccounResourceGroupName: sqlVulnerabilityLoggingStorageAccounResourceGroupName
128+
sqlVulnerabilityLoggingStorageAccountName: sqlVulnerabilityLoggingStorageAccountName
129+
sqlVulnerabilityLoggingStoragePath: sqlVulnerabilityLoggingStoragePath
130+
131+
deploymentScriptIdentityId: deploymentScriptIdentityId
132+
}
133+
}
134+
135+
// Synapse Analytics with Customer Managed Key
136+
module synapseWithCMK 'synapse-with-cmk.bicep' = if (useCMK) {
137+
name: 'deploy-synapse-with-cmk'
138+
params: {
139+
name: name
140+
tags: tags
141+
location: location
142+
143+
adlsResourceGroupName: adlsResourceGroupName
144+
adlsName: adlsName
145+
adlsFSName: adlsFSName
146+
147+
managedResourceGroupName: managedResourceGroupName
148+
149+
aadAuthenticationOnly: aadAuthenticationOnly
150+
aadLoginName: aadLoginName
151+
aadLoginObjectID: aadLoginObjectID
152+
aadLoginType: aadLoginType
153+
sqlAuthenticationUsername: sqlAuthenticationUsername
154+
sqlAuthenticationPassword: sqlAuthenticationPassword
155+
156+
privateEndpointSubnetId: privateEndpointSubnetId
157+
synapsePrivateZoneId: synapsePrivateZoneId
158+
synapseDevPrivateZoneId: synapseDevPrivateZoneId
159+
synapseSqlPrivateZoneId: synapseSqlPrivateZoneId
160+
161+
sqlVulnerabilitySecurityContactEmail: sqlVulnerabilitySecurityContactEmail
162+
163+
sqlVulnerabilityLoggingStorageAccounResourceGroupName: sqlVulnerabilityLoggingStorageAccounResourceGroupName
164+
sqlVulnerabilityLoggingStorageAccountName: sqlVulnerabilityLoggingStorageAccountName
165+
sqlVulnerabilityLoggingStoragePath: sqlVulnerabilityLoggingStoragePath
166+
167+
deploymentScriptIdentityId: deploymentScriptIdentityId
168+
169+
akvResourceGroupName: akvResourceGroupName
170+
akvName: akvName
171+
}
172+
}
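Review bot: The new `aadLoginName` and `aadLoginObjectID` parameters default to `''` while `aadAuthenticationOnly` is a required bool, and nothing in this file links them, so a deployment with `aadAuthenticationOnly` set to true and the defaults left in place passes an empty Azure AD admin to both modules. How `synapse-without-cmk.bicep` and `synapse-with-cmk.bicep` handle that is not visible here, but if they apply the values as given, the workspace could end up with SQL authentication disabled and no AAD administrator assigned. At minimum, document the dependency the way the Key Vault parameters already do, e.g. `@description('AAD account object id. Required when aadAuthenticationOnly=true.')`, and the same on `aadLoginName`, whose current 'firstname last name' wording also does not fit the default `aadLoginType` of `'Group'`. Separately, `sqlAuthenticationUsername` and `sqlAuthenticationPassword` stay mandatory even for AAD-only deployments, so callers must still supply a SQL password they do not intend to use; consider `= ''` defaults if the child modules tolerate an empty value.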
