-
Notifications
You must be signed in to change notification settings - Fork 878
/
Copy path__main__.py
110 lines (97 loc) · 3.22 KB
/
__main__.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Copyright 2016-2020, Pulumi Corporation. All rights reserved.
import pulumi
import pulumi_azure_native.authorization as authorization
import pulumi_azure_native.storage as storage
import pulumi_azure_native.synapse as synapse
import pulumi_azure_native.resources as resources
import pulumi_random as random
config = pulumi.Config()
resource_group = resources.ResourceGroup("synapse-rg")
storage_account = storage.StorageAccount(
"synapsesa",
resource_group_name=resource_group.name,
access_tier=storage.AccessTier.HOT,
enable_https_traffic_only=True,
is_hns_enabled=True,
kind=storage.Kind.STORAGE_V2,
sku=storage.SkuArgs(
name=storage.SkuName.STANDARD_RAGRS,
),
)
data_lake_storage_account_url = storage_account.name.apply(
lambda name: f"https://{name}.dfs.core.windows.net"
)
users = storage.BlobContainer(
"users",
resource_group_name=resource_group.name,
account_name=storage_account.name,
public_access=storage.PublicAccess.NONE,
)
workspace = synapse.Workspace(
"workspace",
resource_group_name=resource_group.name,
default_data_lake_storage=synapse.DataLakeStorageAccountDetailsArgs(
account_url=data_lake_storage_account_url,
filesystem="users",
),
identity=synapse.ManagedIdentityArgs(
type=synapse.ResourceIdentityType.SYSTEM_ASSIGNED,
),
sql_administrator_login="sqladminuser",
sql_administrator_login_password=random.RandomPassword("workspacePwd", length=12).result,
)
allow_all = synapse.IpFirewallRule(
"allowAll",
resource_group_name=resource_group.name,
workspace_name=workspace.name,
end_ip_address="255.255.255.255",
start_ip_address="0.0.0.0",
)
subscription_id = resource_group.id.apply(lambda id: id.split("/")[2])
role_definition_id = subscription_id.apply(
lambda id: f"/subscriptions/{id}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe"
)
storage_access = authorization.RoleAssignment(
"storageAccess",
role_assignment_name=random.RandomUuid("roleName").result,
scope=storage_account.id,
principal_id=workspace.identity.principal_id.apply(lambda v: v or "<preview>"),
principal_type="ServicePrincipal",
role_definition_id=role_definition_id,
)
user_access = authorization.RoleAssignment(
"userAccess",
role_assignment_name=random.RandomUuid("userRoleName").result,
scope=storage_account.id,
principal_id=config.require("userObjectId"),
principal_type="User",
role_definition_id=role_definition_id,
)
sql_pool = synapse.SqlPool(
"SQLPOOL1",
resource_group_name=resource_group.name,
workspace_name=workspace.name,
collation="SQL_Latin1_General_CP1_CI_AS",
create_mode="Default",
sku=synapse.SkuArgs(
name="DW100c",
),
)
spark_pool = synapse.BigDataPool(
"Spark1",
resource_group_name=resource_group.name,
workspace_name=workspace.name,
auto_pause=synapse.AutoPausePropertiesArgs(
delay_in_minutes=15,
enabled=True,
),
auto_scale=synapse.AutoScalePropertiesArgs(
enabled=True,
max_node_count=3,
min_node_count=3,
),
node_count=3,
node_size="Small",
node_size_family="MemoryOptimized",
spark_version="2.4",
)