Reputation: 193
How to automate the activation of Synapse Workspace
I am following the official documentation for using Customer Managed Key (CMK) for double encryption for Synapse workspace. Now my question is how to automate this step?
I got the part of granting the Synapse workspace access to the key vault and did automate it with terraform. However, there seems to be no way to do the activation part with terrafrom (azurerm module) or api call.
Can someone give me an idea on how to approach this issue.
Upvotes: 0
Views: 1164
Answers (2)
Reputation: 11
As I've required this today: Using PowerShell directly, it easily works as following:
Update-AzSynapseWorkspaceKey -WorkspaceName YourWorkspaceName -Activate
Therefore the script only needs to be integrated into your terraform template, e.g. using https://www.terraform.io/docs/language/resources/provisioners/local-exec.html.
Of course, in this case, additional steps to authenticate within the Az-Cmdlets of PowerShell to Azure might be required.
added details, to answer question on how to do this in REST-API or Azure CLI
In the end, resource provisioning is all about REST APIs. PowerShell Modules, Azure CLI, Python SDK etc. are only wrappers doing the REST API magic in behind.
And this magic is no secret, but can be investigated:
- "--debug" option in Azure CLI, see https://learn.microsoft.com/en-us/cli/azure/get-started-with-azure-cli
- "$DebugPreference" Variable in PowerShell, see https://learn.microsoft.com/en-us/powershell/azure/troubleshooting?view=azps-6.3.0 This helps to identify the relevant REST APIs, if you want to do it by yourself.
REST API directly:
- Trigger activation
- HTTP Method: PUT
- Absolute Uri: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Synapse/workspaces/{workspaceName}/keys/default?api-version=2021-05-01
- Body:
- Check Workspace As activation is an async operation, check every few seconds and wait for: properties.encryption.cmk.status == "Consistent" Request:
- HTTP Method: GET
- Absolute Uri: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Synapse/workspaces/{workspaceName}?api-version=2021-05-01
Azure CLI:
- az synapse workspace key update: Activate a workspace and change it's state from pending to success state when the workspace is first being provisioned through updating a workspace's key. Switching to another CMK after activating the workspace needs to execute 'az synapse workspace update' instead.
- az synapse workspace show
Upvotes: 1
Reputation: 1866
There is no way to automate the activation process. We need to do it form portal manually.
Upvotes: 0
Related Questions
- Azure Synapse Analytics Workspace Deployment
- Assigning Synapse workspace to Storage Container using Terraform
- How to use service principal to create azure synapse workspace?
- Create Azure Automation Start/Stop solution through Terraform
- Create Azure Synapse Pipeline using Terraform
- How to automatically import resource to Terraform state?
- Azure Synapse Pipeline-Execute an executable on a onpremise server
- Terraform Azure VM Extension Custom Script from Local Script
- How to deploy automatically an Azure API management?
- Error creating Azure Synapse Pool with Terraform