Add synapse 101

2022-11-08 12:47:54 +01:00 · 2022-11-08 12:47:54 +01:00 · 063a26bb31
commit 063a26bb31
parent 329bfd1f6e
9 changed files with 258 additions and 0 deletions
--- a/quickstart/101-synapse/.gitignore
+++ b/quickstart/101-synapse/.gitignore
@ -0,0 +1,11 @@
+# Terraform specific
+
+.terraform
+
+.terraform.lock.hcl
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.tfstate.lock.info
+terraform.tfvars
+**.tfbackend
+state/
--- a/quickstart/101-synapse/README.md
+++ b/quickstart/101-synapse/README.md
@ -0,0 +1,51 @@
+# Azure Synapse Analytics workspace (public network connectivity)
+
+This deployment configuration specifies an [Azure Synapse Analytics workspace](https://learn.microsoft.com/en-us/azure/synapse-analytics/get-started-create-workspace), 
+and its associated resources including Azure Data Lake Storage (gen2), Synapse Spark Pool and Synapse SQL Pool.
+
+This configuration describes the minimal set of resources you require to get started with Azure Synapse Analytics.
+
+Network connectivity to the workspace is allowed over public endpoints, making this configuration suitable for open source projects or pilot environments.
+
+## Resources
+
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group all resources get deployed into. |
+| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Synapse Analytics workspace. |
+| `azurerm_synapse_workspace` | An Azure Synapse Analytics workspace instance. |
+| `azurerm_synapse_spark_pool` | An Azure Synapse Analytics spark pool. |
+| `azurerm_synapse_sql_pool` | An Azure Synapse Analytics dedicated SQL pool. |
+
+## Variables
+
+| Name | Description | Default |
+|-|-|-|
+| name | Name of the deployment | - |
+| environment | The deployment environment name (used for pre- and postfixing resource names) | dev  |
+| location | The Azure region used for deployments | East US |
+| aad_admin.login | The login name of the Azure AD Administrator of this Synapse Workspace | - |
+| aad_admin.object_id| The object id of the Azure AD Administrator of this Synapse Workspace | - |
+| aad_admin.tenant_id| The tenant id of the Azure AD Administrator of this Synapse Workspace | - |
+| synadmin_username| Specifies The login name of the SQL administrator | sqladminuser |
+| synadmin_password| The Password associated with the sql_administrator_login for the SQL administrator | ThisIsNotVerySecure! |
+| enable_syn_sparkpool| A feature flag to enable/disable the Spark pool | false |
+| enable_syn_sqlpool| A feature flag to enable/disable the SQL pool | false |
+
+## Usage
+
+1. Copy `terraform.tfvars.example` to `terraform.tfvars`
+2. Update `terraform.tfvars` with your desired values
+3. Run Terraform
+    ```console
+    $ terraform init
+    $ terraform plan
+    $ terraform apply
+    ```
+
+## Learn more
+
+- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
+- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
+- For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).
--- a/quickstart/101-synapse/locals.tf
+++ b/quickstart/101-synapse/locals.tf
@ -0,0 +1,10 @@
+locals {
+  tags = {
+    Toolkit = "Terraform"
+  }
+
+  safe_name        = replace(var.name, "-", "")
+  safe_environment = replace(var.environment, "-", "")
+
+  basename = "${var.name}-${var.environment}"
+}
--- a/quickstart/101-synapse/main.tf
+++ b/quickstart/101-synapse/main.tf
@ -0,0 +1,24 @@
+terraform {
+  required_providers {
+    azurerm = {
+      version = "= 3.30.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_client_config" "current" {}
+
+data "http" "ip" {
+  url = "https://ifconfig.me"
+}
+
+resource "azurerm_resource_group" "default" {
+  name     = "rg-${local.basename}"
+  location = var.location
+
+  tags = local.tags
+}
--- a/quickstart/101-synapse/storage_account.tf
+++ b/quickstart/101-synapse/storage_account.tf
@ -0,0 +1,36 @@
+resource "azurerm_storage_account" "default" {
+  name                     = "st${local.safe_name}${local.safe_environment}"
+  resource_group_name      = azurerm_resource_group.default.name
+  location                 = azurerm_resource_group.default.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+  account_kind             = "StorageV2"
+  is_hns_enabled           = true
+}
+
+resource "azurerm_role_assignment" "sbdc_current_user" {
+  scope                = azurerm_storage_account.default.id
+  role_definition_name = "Storage Blob Data Contributor"
+  principal_id         = data.azurerm_client_config.current.object_id
+}
+
+resource "azurerm_role_assignment" "sbdc_syn_ws" {
+  scope                = azurerm_storage_account.default.id
+  role_definition_name = "Storage Blob Data Contributor"
+  principal_id         = azurerm_synapse_workspace.default.identity[0].principal_id
+}
+
+resource "azurerm_role_assignment" "c_syn_ws" {
+  scope                = azurerm_storage_account.default.id
+  role_definition_name = "Contributor"
+  principal_id         = azurerm_synapse_workspace.default.identity[0].principal_id
+}
+
+resource "azurerm_storage_data_lake_gen2_filesystem" "default" {
+  name               = "default"
+  storage_account_id = azurerm_storage_account.default.id
+
+  depends_on = [
+    azurerm_role_assignment.sbdc_current_user
+  ]
+}
--- a/quickstart/101-synapse/synapse_pools.tf
+++ b/quickstart/101-synapse/synapse_pools.tf
@ -0,0 +1,28 @@
+# Sql Pool 
+
+resource "azurerm_synapse_sql_pool" "syn_pool_sql" {
+  name                 = "syndp01"
+  synapse_workspace_id = azurerm_synapse_workspace.default.id
+  sku_name             = "DW100c"
+  create_mode          = "Default"
+  count                = var.enable_syn_sqlpool ? 1 : 0
+}
+
+# Spark Pool 
+
+resource "azurerm_synapse_spark_pool" "syn_pool_spark" {
+  name                 = "synsp01"
+  synapse_workspace_id = azurerm_synapse_workspace.default.id
+  node_size_family     = "MemoryOptimized"
+  node_size            = "Small"
+  count                = var.enable_syn_sparkpool ? 1 : 0
+
+  auto_scale {
+    max_node_count = 50
+    min_node_count = 3
+  }
+
+  auto_pause {
+    delay_in_minutes = 15
+  }
+}
--- a/quickstart/101-synapse/synapse_workspace.tf
+++ b/quickstart/101-synapse/synapse_workspace.tf
@ -0,0 +1,32 @@
+resource "azurerm_synapse_workspace" "default" {
+  name                                 = "syn-${local.basename}"
+  resource_group_name                  = azurerm_resource_group.default.name
+  location                             = azurerm_resource_group.default.location
+  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.default.id
+
+  sql_administrator_login          = var.synadmin_username
+  sql_administrator_login_password = var.synadmin_password
+
+  managed_resource_group_name = "${azurerm_resource_group.default.name}-syn-managed"
+
+  public_network_access_enabled = true
+
+  aad_admin {
+    login     = var.aad_login.name
+    object_id = var.aad_login.object_id
+    tenant_id = var.aad_login.tenant_id
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  tags = local.tags
+}
+
+resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
+  name                 = "AllowMyPublicIp"
+  synapse_workspace_id = azurerm_synapse_workspace.default.id
+  start_ip_address     = data.http.ip.body
+  end_ip_address       = data.http.ip.body
+}
--- a/quickstart/101-synapse/terraform.tfvars.example
+++ b/quickstart/101-synapse/terraform.tfvars.example
@ -0,0 +1,12 @@
+name = "syn101"
+environment = "dev"
+location = "East US"
+
+aad_login = {
+  name = "azureuser@contoso.com"
+  object_id = "00000000-0000-0000-0000-000000000000"
+  tenant_id = "00000000-0000-0000-0000-000000000000"
+}
+
+enable_syn_sparkpool = true
+enable_syn_sqlpool = true
--- a/quickstart/101-synapse/variables.tf
+++ b/quickstart/101-synapse/variables.tf
@ -0,0 +1,54 @@
+variable "name" {
+  type        = string
+  description = "Name of the deployment"
+}
+
+variable "environment" {
+  type        = string
+  description = "Name of the environment"
+  default     = "dev"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resources"
+  default     = "East US"
+}
+
+variable "aad_login" {
+  description = "AAD login"
+  type = object({
+    name      = string
+    object_id = string
+    tenant_id = string
+  })
+  default = {
+    name      = "AzureAD Admin"
+    object_id = "00000000-0000-0000-0000-000000000000"
+    tenant_id = "00000000-0000-0000-0000-000000000000"
+  }
+}
+
+variable "synadmin_username" {
+  type        = string
+  description = "Specifies The login name of the SQL administrator"
+  default     = "sqladminuser"
+}
+
+variable "synadmin_password" {
+  type        = string
+  description = "The Password associated with the sql_administrator_login for the SQL administrator"
+  default     = "ThisIsNotVerySecure!"
+}
+
+variable "enable_syn_sparkpool" {
+  type        = bool
+  description = "Variable to enable or disable Synapse Spark pool deployment"
+  default     = false
+}
+
+variable "enable_syn_sqlpool" {
+  type        = bool
+  description = "Variable to enable or disable Synapse Dedicated SQL pool deployment"
+  default     = false
+}