Corvus.Deployment

0.1.2

arm-artifacts/shared-templates/synapse-workspace.json

                                {

  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

  "contentVersion": "1.0.0.0",

  "parameters": {

    "_artifactsLocation": {

      "type": "string"

    },

    "_artifactsLocationSasToken": {

      "type": "securestring"

    },

    "workspaceName": {

      "type": "string"

    },

    "location": {

      "type": "string"

    },

    "defaultDataLakeStorageAccountName": {

      "type": "string"

    },

    "defaultDataLakeStorageFilesystemName": {

      "type": "string"

    },

    "setWorkspaceIdentityRbacOnStorageAccount": {

      "type": "bool"

    },

    "allowAllConnections": {

      "type": "bool",

      "defaultValue": true

    },

    "grantWorkspaceIdentityControlForSql": {

      "type": "string",

      "allowedValues": [

        "Enabled",

        "Disabled"

      ]

    },

    "managedVirtualNetwork": {

      "type": "string",

      "allowedValues": [

        "default",

        ""

      ],

      "defaultValue": ""

    },

    "tagValues": {

      "type": "object",

      "defaultValue": {}

    },

    "storageSubscriptionID": {

      "type": "string",

      "defaultValue": "[subscription().subscriptionId]"

    },

    "storageResourceGroupName": {

      "type": "string",

      "defaultValue": "[resourceGroup().name]"

    },

    "storageLocation": {

      "type": "string",

      "defaultValue": "[resourceGroup().location]"

    },

    "isNewStorageAccount": {

      "type": "bool",

      "defaultValue": false

    },

    "isNewFileSystemOnly": {

      "type": "bool",

      "defaultValue": false

    },

    "adlaResourceId": {

      "type": "string",

      "defaultValue": ""

    },

    "storageAccountType": {

      "type": "string"

    },

    "storageSupportsHttpsTrafficOnly": {

      "type": "bool"

    },

    "storageIsHnsEnabled": {

      "type": "bool"

    },

    "datalakeContributorGroupId": {

            "type": "string",

            "defaultValue": ""

        },

    "sqlAdministratorPrincipalName": {

            "type": "string"

        },

    "sqlAdministratorPrincipalId": {

            "type": "string"

        },

    "setSbdcRbacOnStorageAccount": {

      "type": "bool",

      "defaultValue": false

    }

  },

  "variables": {

    "readerRoleId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",

    "storageBlobDataContributorRoleID": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",

    "defaultDataLakeStorageAccountUrl": "[concat('https://', parameters('defaultDataLakeStorageAccountName'), '.dfs.core.windows.net')]",

    "defaultDataLakeStorageDeployName": "[concat(deployment().name, '-defsa')]",

    "synapseManagedIdentityRoleAssignmentId": "[guid(concat(resourceGroup().id, '/', variables('storageBlobDataContributorRoleID'), '/', parameters('workspaceName'), '/', 'synapse-managed-identity'))]",

        "datalakeContributorRoleAssignmentId": "[guid(concat(resourceGroup().id, '/', variables('storageBlobDataContributorRoleID'), '/', parameters('datalakeContributorGroupId'), '/', 'datalake-contributor-group'))]",

    "defaultDataLakeStorageResourceReaderRoleAssignmentId": "[guid(concat(resourceGroup().id, '/', variables('readerRoleID'), '/', parameters('datalakeContributorGroupId'), '/', 'datalake-contributor-group'))]",

    "localTags": {

      "displayName": "[parameters('workspaceName')]"

    },

    "tags": "[union(parameters('tagValues'), variables('localTags'))]"

  },

  "resources": [

    {

      "apiVersion": "2019-06-01-preview",

      "name": "[parameters('workspaceName')]",

      "location": "[parameters('location')]",

      "type": "Microsoft.Synapse/workspaces",

      "identity": {

        "type": "SystemAssigned"

      },

      "properties": {

        "defaultDataLakeStorage": {

          "accountUrl": "[variables('defaultDataLakeStorageAccountUrl')]",

          "filesystem": "[parameters('defaultDataLakeStorageFilesystemName')]"

        },

        "adlaResourceId": "[parameters('adlaResourceId')]",

        "managedVirtualNetwork": "[parameters('managedVirtualNetwork')]"

      },

      "resources": [

        {

          "condition": "[parameters('allowAllConnections')]",

          "apiVersion": "2019-06-01-preview",

          "dependsOn": [

            "[concat('Microsoft.Synapse/workspaces/', parameters('workspaceName'))]"

          ],

          "location": "[parameters('location')]",

          "name": "allowAll",

          "properties": {

            "startIpAddress": "0.0.0.0",

            "endIpAddress": "255.255.255.255"

          },

          "type": "firewallRules"

        },

        {

          "apiVersion": "2019-06-01-preview",

          "dependsOn": [

            "[concat('Microsoft.Synapse/workspaces/', parameters('workspaceName'))]"

          ],

          "location": "[parameters('location')]",

          "name": "default",

          "properties": {

            "grantSqlControlToManagedIdentity": {

              "desiredState": "[parameters('grantWorkspaceIdentityControlForSql')]"

            }

          },

          "type": "managedIdentitySqlControlSettings"

        },

        {

          "type": "administrators",

          "name": "activeDirectory",

          "apiVersion": "2019-06-01-preview",

          "location": "[parameters('location')]",

          "properties": {

              "administratorType": "ActiveDirectory",

              "login": "[parameters('sqlAdministratorPrincipalName')]",

              "sid": "[parameters('sqlAdministratorPrincipalId')]",

              "tenantId": "[subscription().tenantId]"

          },

          "dependsOn": [

              "[concat('Microsoft.Synapse/workspaces/', parameters('workspaceName'))]"

          ]

        }

      ],

      "dependsOn": [

        "[variables('defaultDataLakeStorageDeployName')]",

        "[concat('Microsoft.Resources/deployments/', parameters('defaultDataLakeStorageFilesystemName'))]"

      ],

      "tags": "[parameters('tagValues')]"

    },

    {

      "condition": "[parameters('setWorkspaceIdentityRbacOnStorageAccount')]",

      "apiVersion": "2019-05-01",

      "name": "storageRoleDeploymentResource",

      "type": "Microsoft.Resources/deployments",

      "subscriptionId": "[parameters('storageSubscriptionID')]",

      "resourceGroup": "[parameters('storageResourceGroupName')]",

      "dependsOn": [

        "[concat('Microsoft.Synapse/workspaces/', parameters('workspaceName'))]"

      ],

      "properties": {

        "mode": "Incremental",

        "template": {

          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

          "contentVersion": "1.0.0.0",

          "parameters": {},

          "variables": {},

          "resources": [

            {

              "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",

              "apiVersion": "2018-09-01-preview",

              "name": "[concat(parameters('defaultDataLakeStorageAccountName'), '/Microsoft.Authorization/', variables('synapseManagedIdentityRoleAssignmentId'))]",

              "location": "[parameters('storageLocation')]",

              "properties": {

                "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('storageBlobDataContributorRoleID'))]",

                "principalId": "[reference(concat('Microsoft.Synapse/workspaces/', parameters('workspaceName')), '2019-06-01-preview', 'Full').identity.principalId]",

                "principalType": "ServicePrincipal"

              }

            },

            {

              "condition": "[parameters('setSbdcRbacOnStorageAccount')]",

              "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",

              "apiVersion": "2018-09-01-preview",

              "name": "[concat(parameters('defaultDataLakeStorageAccountName'), '/Microsoft.Authorization/', variables('datalakeContributorRoleAssignmentId'))]",

              "properties": {

                "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('storageBlobDataContributorRoleID'))]",

                "principalId": "[parameters('datalakeContributorGroupId')]",

                "principalType": "Group"

              }

            },

            {

              "condition": "[parameters('setSbdcRbacOnStorageAccount')]",

              "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",

              "apiVersion": "2018-09-01-preview",

              "name": "[concat(parameters('defaultDataLakeStorageAccountName'), '/Microsoft.Authorization/', variables('defaultDataLakeStorageResourceReaderRoleAssignmentId'))]",

              "properties": {

                "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('readerRoleId'))]",

                "principalId": "[parameters('datalakeContributorGroupId')]",

                "principalType": "Group"

              }

            }

          ]

        }

      }

    },

    {

      "condition": "[parameters('isNewStorageAccount')]",

      "name": "[variables('defaultDataLakeStorageDeployName')]",

      "type": "Microsoft.Resources/deployments",

      "apiVersion": "2019-03-01",

      "dependsOn": [],

      "properties": {

        "mode": "Incremental",

        "templateLink": {

          "uri": "[concat(parameters('_artifactsLocation'), '/shared-templates/storage-account.json', parameters('_artifactsLocationSasToken'))]",

          "contentVersion": "1.0.0.0"

        },

        "parameters": {

          "storageAccountType": {

            "value": "[parameters('storageAccountType')]"

          },

          "storageAccountName": {

            "value": "[parameters('defaultDataLakeStorageAccountName')]"

          },

          "storageContainerNames": {

            "value": "[array(parameters('defaultDataLakeStorageFilesystemName'))]"

          },

          "supportsHttpsTrafficOnly": {

            "value": "[parameters('storageSupportsHttpsTrafficOnly')]"

          },

          "isHnsEnabled": {

            "value": "[parameters('storageIsHnsEnabled')]"

          },

          "tagValues": {

            "value": "[parameters('tagValues')]"

          }

        }

      }

    },

    {

      "condition": "[parameters('isNewFileSystemOnly')]",

      "apiVersion": "2019-05-01",

      "name": "[parameters('defaultDataLakeStorageFilesystemName')]",

      "type": "Microsoft.Resources/deployments",

      "subscriptionId": "[parameters('storageSubscriptionID')]",

      "resourceGroup": "[parameters('storageResourceGroupName')]",

      "properties": {

        "mode": "Incremental",

        "template": {

          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

          "contentVersion": "1.0.0.0",

          "parameters": {},

          "variables": {},

          "resources": [

            {

              "type": "Microsoft.Storage/storageAccounts/blobServices/containers",

              "name": "[concat(parameters('defaultDataLakeStorageAccountName'), '/default/', parameters('defaultDataLakeStorageFilesystemName'))]",

              "apiVersion": "2018-02-01",

              "properties": {

                "publicAccess": "None"

              }

            }

          ]

        }

      }

    }

  ],

  "outputs": {

    "synapseManagedIdentity": {

      "type": "string",

      "value": "[reference(concat('Microsoft.Synapse/workspaces/', parameters('workspaceName')), '2019-06-01-preview', 'Full').identity.principalId]"

    }

  }

}