Microsoft.MachineLearningServices workspaces/datastores 2022-12-01-preview
- Latest
- 2024-10-01
- 2024-10-01-preview
- 2024-07-01-preview
- 2024-04-01
- 2024-04-01-preview
- 2024-01-01-preview
- 2023-10-01
- 2023-08-01-preview
- 2023-06-01-preview
- 2023-04-01
- 2023-04-01-preview
- 2023-02-01-preview
- 2022-12-01-preview
- 2022-10-01
- 2022-10-01-preview
- 2022-06-01-preview
- 2022-05-01
- 2022-02-01-preview
- 2021-03-01-preview
- 2020-05-01-preview
Bicep resource definition
The workspaces/datastores resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces/datastores resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.MachineLearningServices/workspaces/datastores@2022-12-01-preview' = {
name: 'string'
properties: {
credentials: {
credentialsType: 'string'
// For remaining properties, see DatastoreCredentials objects
}
description: 'string'
properties: {
{customized property}: 'string'
}
tags: {
{customized property}: 'string'
}
datastoreType: 'string'
// For remaining properties, see DatastoreProperties objects
}
}
DatastoreCredentials objects
Set the credentialsType property to specify the type of object.
For AccountKey, use:
{
credentialsType: 'AccountKey'
secrets: {
key: 'string'
secretsType: 'string'
}
}
For Certificate, use:
{
authorityUrl: 'string'
clientId: 'string'
credentialsType: 'Certificate'
resourceUrl: 'string'
secrets: {
certificate: 'string'
secretsType: 'string'
}
tenantId: 'string'
thumbprint: 'string'
}
For KerberosKeytab, use:
{
credentialsType: 'KerberosKeytab'
kerberosKdcAddress: 'string'
kerberosPrincipal: 'string'
kerberosRealm: 'string'
secrets: {
kerberosKeytab: 'string'
secretsType: 'string'
}
}
For KerberosPassword, use:
{
credentialsType: 'KerberosPassword'
kerberosKdcAddress: 'string'
kerberosPrincipal: 'string'
kerberosRealm: 'string'
secrets: {
kerberosPassword: 'string'
secretsType: 'string'
}
}
For None, use:
{
credentialsType: 'None'
}
For Sas, use:
{
credentialsType: 'Sas'
secrets: {
sasToken: 'string'
secretsType: 'string'
}
}
For ServicePrincipal, use:
{
authorityUrl: 'string'
clientId: 'string'
credentialsType: 'ServicePrincipal'
resourceUrl: 'string'
secrets: {
clientSecret: 'string'
secretsType: 'string'
}
tenantId: 'string'
}
DatastoreProperties objects
Set the datastoreType property to specify the type of object.
For AzureBlob, use:
{
accountName: 'string'
containerName: 'string'
datastoreType: 'AzureBlob'
endpoint: 'string'
protocol: 'string'
resourceGroup: 'string'
serviceDataAccessAuthIdentity: 'string'
subscriptionId: 'string'
}
For AzureDataLakeGen1, use:
{
datastoreType: 'AzureDataLakeGen1'
resourceGroup: 'string'
serviceDataAccessAuthIdentity: 'string'
storeName: 'string'
subscriptionId: 'string'
}
For AzureDataLakeGen2, use:
{
accountName: 'string'
datastoreType: 'AzureDataLakeGen2'
endpoint: 'string'
filesystem: 'string'
protocol: 'string'
resourceGroup: 'string'
serviceDataAccessAuthIdentity: 'string'
subscriptionId: 'string'
}
For AzureFile, use:
{
accountName: 'string'
datastoreType: 'AzureFile'
endpoint: 'string'
fileShareName: 'string'
protocol: 'string'
resourceGroup: 'string'
serviceDataAccessAuthIdentity: 'string'
subscriptionId: 'string'
}
For Hdfs, use:
{
datastoreType: 'Hdfs'
hdfsServerCertificate: 'string'
nameNodeAddress: 'string'
protocol: 'string'
}
Property values
AccountKeyDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'AccountKey' (required) |
| secrets | [Required] Storage account secrets. | AccountKeyDatastoreSecrets (required) |
AccountKeyDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| key | Storage account key. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
AzureBlobDatastore
| Name | Description | Value |
|---|---|---|
| accountName | Storage account name. | string |
| containerName | Storage account container name. | string |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureBlob' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
AzureDataLakeGen1Datastore
| Name | Description | Value |
|---|---|---|
| datastoreType | [Required] Storage type backing the datastore. | 'AzureDataLakeGen1' (required) |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| storeName | [Required] Azure Data Lake store name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| subscriptionId | Azure Subscription Id | string |
AzureDataLakeGen2Datastore
| Name | Description | Value |
|---|---|---|
| accountName | [Required] Storage account name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureDataLakeGen2' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| filesystem | [Required] The name of the Data Lake Gen2 filesystem. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
AzureFileDatastore
| Name | Description | Value |
|---|---|---|
| accountName | [Required] Storage account name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureFile' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| fileShareName | [Required] The name of the Azure file share that the datastore points to. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
CertificateDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| authorityUrl | Authority URL used for authentication. | string |
| clientId | [Required] Service principal client ID. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| credentialsType | [Required] Credential type used to authentication with storage. | 'Certificate' (required) |
| resourceUrl | Resource the service principal has access to. | string |
| secrets | [Required] Service principal secrets. | CertificateDatastoreSecrets (required) |
| tenantId | [Required] ID of the tenant to which the service principal belongs. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| thumbprint | [Required] Thumbprint of the certificate used for authentication. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
CertificateDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| certificate | Service principal certificate. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
DatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | Set to 'AccountKey' for type AccountKeyDatastoreCredentials. Set to 'Certificate' for type CertificateDatastoreCredentials. Set to 'KerberosKeytab' for type KerberosKeytabCredentials. Set to 'KerberosPassword' for type KerberosPasswordCredentials. Set to 'None' for type NoneDatastoreCredentials. Set to 'Sas' for type SasDatastoreCredentials. Set to 'ServicePrincipal' for type ServicePrincipalDatastoreCredentials. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'None' 'Sas' 'ServicePrincipal' (required) |
DatastoreProperties
| Name | Description | Value |
|---|---|---|
| credentials | [Required] Account credentials. | DatastoreCredentials (required) |
| datastoreType | Set to 'AzureBlob' for type AzureBlobDatastore. Set to 'AzureDataLakeGen1' for type AzureDataLakeGen1Datastore. Set to 'AzureDataLakeGen2' for type AzureDataLakeGen2Datastore. Set to 'AzureFile' for type AzureFileDatastore. Set to 'Hdfs' for type HdfsDatastore. | 'AzureBlob' 'AzureDataLakeGen1' 'AzureDataLakeGen2' 'AzureFile' 'Hdfs' (required) |
| description | The asset description text. | string |
| properties | The asset property dictionary. | ResourceBaseProperties |
| tags | Tag dictionary. Tags can be added, removed, and updated. | ResourceBaseTags |
HdfsDatastore
| Name | Description | Value |
|---|---|---|
| datastoreType | [Required] Storage type backing the datastore. | 'Hdfs' (required) |
| hdfsServerCertificate | The TLS cert of the HDFS server. Needs to be a base64 encoded string. Required if "Https" protocol is selected. | string |
| nameNodeAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account (Https/Http). | string |
KerberosKeytabCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'KerberosKeytab' (required) |
| kerberosKdcAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosPrincipal | [Required] Kerberos Username | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosRealm | [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| secrets | [Required] Keytab secrets. | KerberosKeytabSecrets (required) |
KerberosKeytabSecrets
| Name | Description | Value |
|---|---|---|
| kerberosKeytab | Kerberos keytab secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
KerberosPasswordCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'KerberosPassword' (required) |
| kerberosKdcAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosPrincipal | [Required] Kerberos Username | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosRealm | [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| secrets | [Required] Kerberos password secrets. | KerberosPasswordSecrets (required) |
KerberosPasswordSecrets
| Name | Description | Value |
|---|---|---|
| kerberosPassword | Kerberos password secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
Microsoft.MachineLearningServices/workspaces/datastores
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9][a-zA-Z0-9\-_]{0,254}$ (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: workspaces |
| properties | [Required] Additional attributes of the entity. | DatastoreProperties (required) |
NoneDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'None' (required) |
ResourceBaseProperties
| Name | Description | Value |
|---|
ResourceBaseTags
| Name | Description | Value |
|---|
SasDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'Sas' (required) |
| secrets | [Required] Storage container secrets. | SasDatastoreSecrets (required) |
SasDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| sasToken | Storage container SAS token. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
ServicePrincipalDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| authorityUrl | Authority URL used for authentication. | string |
| clientId | [Required] Service principal client ID. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| credentialsType | [Required] Credential type used to authentication with storage. | 'ServicePrincipal' (required) |
| resourceUrl | Resource the service principal has access to. | string |
| secrets | [Required] Service principal secrets. | ServicePrincipalDatastoreSecrets (required) |
| tenantId | [Required] ID of the tenant to which the service principal belongs. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
ServicePrincipalDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| clientSecret | Service principal secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
ARM template resource definition
The workspaces/datastores resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces/datastores resource, add the following JSON to your template.
{
"type": "Microsoft.MachineLearningServices/workspaces/datastores",
"apiVersion": "2022-12-01-preview",
"name": "string",
"properties": {
"credentials": {
"credentialsType": "string"
// For remaining properties, see DatastoreCredentials objects
},
"description": "string",
"properties": {
"{customized property}": "string"
},
"tags": {
"{customized property}": "string"
},
"datastoreType": "string"
// For remaining properties, see DatastoreProperties objects
}
}
DatastoreCredentials objects
Set the credentialsType property to specify the type of object.
For AccountKey, use:
{
"credentialsType": "AccountKey",
"secrets": {
"key": "string",
"secretsType": "string"
}
}
For Certificate, use:
{
"authorityUrl": "string",
"clientId": "string",
"credentialsType": "Certificate",
"resourceUrl": "string",
"secrets": {
"certificate": "string",
"secretsType": "string"
},
"tenantId": "string",
"thumbprint": "string"
}
For KerberosKeytab, use:
{
"credentialsType": "KerberosKeytab",
"kerberosKdcAddress": "string",
"kerberosPrincipal": "string",
"kerberosRealm": "string",
"secrets": {
"kerberosKeytab": "string",
"secretsType": "string"
}
}
For KerberosPassword, use:
{
"credentialsType": "KerberosPassword",
"kerberosKdcAddress": "string",
"kerberosPrincipal": "string",
"kerberosRealm": "string",
"secrets": {
"kerberosPassword": "string",
"secretsType": "string"
}
}
For None, use:
{
"credentialsType": "None"
}
For Sas, use:
{
"credentialsType": "Sas",
"secrets": {
"sasToken": "string",
"secretsType": "string"
}
}
For ServicePrincipal, use:
{
"authorityUrl": "string",
"clientId": "string",
"credentialsType": "ServicePrincipal",
"resourceUrl": "string",
"secrets": {
"clientSecret": "string",
"secretsType": "string"
},
"tenantId": "string"
}
DatastoreProperties objects
Set the datastoreType property to specify the type of object.
For AzureBlob, use:
{
"accountName": "string",
"containerName": "string",
"datastoreType": "AzureBlob",
"endpoint": "string",
"protocol": "string",
"resourceGroup": "string",
"serviceDataAccessAuthIdentity": "string",
"subscriptionId": "string"
}
For AzureDataLakeGen1, use:
{
"datastoreType": "AzureDataLakeGen1",
"resourceGroup": "string",
"serviceDataAccessAuthIdentity": "string",
"storeName": "string",
"subscriptionId": "string"
}
For AzureDataLakeGen2, use:
{
"accountName": "string",
"datastoreType": "AzureDataLakeGen2",
"endpoint": "string",
"filesystem": "string",
"protocol": "string",
"resourceGroup": "string",
"serviceDataAccessAuthIdentity": "string",
"subscriptionId": "string"
}
For AzureFile, use:
{
"accountName": "string",
"datastoreType": "AzureFile",
"endpoint": "string",
"fileShareName": "string",
"protocol": "string",
"resourceGroup": "string",
"serviceDataAccessAuthIdentity": "string",
"subscriptionId": "string"
}
For Hdfs, use:
{
"datastoreType": "Hdfs",
"hdfsServerCertificate": "string",
"nameNodeAddress": "string",
"protocol": "string"
}
Property values
AccountKeyDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'AccountKey' (required) |
| secrets | [Required] Storage account secrets. | AccountKeyDatastoreSecrets (required) |
AccountKeyDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| key | Storage account key. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
AzureBlobDatastore
| Name | Description | Value |
|---|---|---|
| accountName | Storage account name. | string |
| containerName | Storage account container name. | string |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureBlob' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
AzureDataLakeGen1Datastore
| Name | Description | Value |
|---|---|---|
| datastoreType | [Required] Storage type backing the datastore. | 'AzureDataLakeGen1' (required) |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| storeName | [Required] Azure Data Lake store name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| subscriptionId | Azure Subscription Id | string |
AzureDataLakeGen2Datastore
| Name | Description | Value |
|---|---|---|
| accountName | [Required] Storage account name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureDataLakeGen2' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| filesystem | [Required] The name of the Data Lake Gen2 filesystem. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
AzureFileDatastore
| Name | Description | Value |
|---|---|---|
| accountName | [Required] Storage account name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureFile' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| fileShareName | [Required] The name of the Azure file share that the datastore points to. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
CertificateDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| authorityUrl | Authority URL used for authentication. | string |
| clientId | [Required] Service principal client ID. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| credentialsType | [Required] Credential type used to authentication with storage. | 'Certificate' (required) |
| resourceUrl | Resource the service principal has access to. | string |
| secrets | [Required] Service principal secrets. | CertificateDatastoreSecrets (required) |
| tenantId | [Required] ID of the tenant to which the service principal belongs. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| thumbprint | [Required] Thumbprint of the certificate used for authentication. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
CertificateDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| certificate | Service principal certificate. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
DatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | Set to 'AccountKey' for type AccountKeyDatastoreCredentials. Set to 'Certificate' for type CertificateDatastoreCredentials. Set to 'KerberosKeytab' for type KerberosKeytabCredentials. Set to 'KerberosPassword' for type KerberosPasswordCredentials. Set to 'None' for type NoneDatastoreCredentials. Set to 'Sas' for type SasDatastoreCredentials. Set to 'ServicePrincipal' for type ServicePrincipalDatastoreCredentials. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'None' 'Sas' 'ServicePrincipal' (required) |
DatastoreProperties
| Name | Description | Value |
|---|---|---|
| credentials | [Required] Account credentials. | DatastoreCredentials (required) |
| datastoreType | Set to 'AzureBlob' for type AzureBlobDatastore. Set to 'AzureDataLakeGen1' for type AzureDataLakeGen1Datastore. Set to 'AzureDataLakeGen2' for type AzureDataLakeGen2Datastore. Set to 'AzureFile' for type AzureFileDatastore. Set to 'Hdfs' for type HdfsDatastore. | 'AzureBlob' 'AzureDataLakeGen1' 'AzureDataLakeGen2' 'AzureFile' 'Hdfs' (required) |
| description | The asset description text. | string |
| properties | The asset property dictionary. | ResourceBaseProperties |
| tags | Tag dictionary. Tags can be added, removed, and updated. | ResourceBaseTags |
HdfsDatastore
| Name | Description | Value |
|---|---|---|
| datastoreType | [Required] Storage type backing the datastore. | 'Hdfs' (required) |
| hdfsServerCertificate | The TLS cert of the HDFS server. Needs to be a base64 encoded string. Required if "Https" protocol is selected. | string |
| nameNodeAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account (Https/Http). | string |
KerberosKeytabCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'KerberosKeytab' (required) |
| kerberosKdcAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosPrincipal | [Required] Kerberos Username | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosRealm | [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| secrets | [Required] Keytab secrets. | KerberosKeytabSecrets (required) |
KerberosKeytabSecrets
| Name | Description | Value |
|---|---|---|
| kerberosKeytab | Kerberos keytab secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
KerberosPasswordCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'KerberosPassword' (required) |
| kerberosKdcAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosPrincipal | [Required] Kerberos Username | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosRealm | [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| secrets | [Required] Kerberos password secrets. | KerberosPasswordSecrets (required) |
KerberosPasswordSecrets
| Name | Description | Value |
|---|---|---|
| kerberosPassword | Kerberos password secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
Microsoft.MachineLearningServices/workspaces/datastores
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2022-12-01-preview' |
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9][a-zA-Z0-9\-_]{0,254}$ (required) |
| properties | [Required] Additional attributes of the entity. | DatastoreProperties (required) |
| type | The resource type | 'Microsoft.MachineLearningServices/workspaces/datastores' |
NoneDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'None' (required) |
ResourceBaseProperties
| Name | Description | Value |
|---|
ResourceBaseTags
| Name | Description | Value |
|---|
SasDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'Sas' (required) |
| secrets | [Required] Storage container secrets. | SasDatastoreSecrets (required) |
SasDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| sasToken | Storage container SAS token. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
ServicePrincipalDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| authorityUrl | Authority URL used for authentication. | string |
| clientId | [Required] Service principal client ID. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| credentialsType | [Required] Credential type used to authentication with storage. | 'ServicePrincipal' (required) |
| resourceUrl | Resource the service principal has access to. | string |
| secrets | [Required] Service principal secrets. | ServicePrincipalDatastoreSecrets (required) |
| tenantId | [Required] ID of the tenant to which the service principal belongs. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
ServicePrincipalDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| clientSecret | Service principal secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Create a Blob Storage Datastore |
This template creates a blob storage datastore in Azure Machine Learning workspace. |
| Create a Databricks File System Datastore |
This template creates a Databricks File System datastore in Azure Machine Learning workspace. |
| Create a File Share Datastore |
This template creates a file share datastore in Azure Machine Learning workspace. |
| Create AML workspace with multiple Datasets & Datastores |
This template creates Azure Machine Learning workspace with multiple datasets & datastores. |
| Create an Azure ADLS Datastore |
This template creates a ADLS datastore in Azure Machine Learning workspace. |
| Create an Azure ADLS Gen2 Datastore |
This template creates a ADLS Gen2 datastore in Azure Machine Learning workspace. |
| Create an Azure MySQL Datastore |
This template creates a MySQL datastore in Azure Machine Learning workspace. |
| Create an Azure PostgreSQL Datastore |
This template creates a PostgreSQL datastore in Azure Machine Learning workspace. |
| Create an Azure SQL Datastore |
This template creates a SQL datastore in Azure Machine Learning workspace. |
Terraform (AzAPI provider) resource definition
The workspaces/datastores resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces/datastores resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.MachineLearningServices/workspaces/datastores@2022-12-01-preview"
name = "string"
body = jsonencode({
properties = {
credentials = {
credentialsType = "string"
// For remaining properties, see DatastoreCredentials objects
}
description = "string"
properties = {
{customized property} = "string"
}
tags = {
{customized property} = "string"
}
datastoreType = "string"
// For remaining properties, see DatastoreProperties objects
}
})
}
DatastoreCredentials objects
Set the credentialsType property to specify the type of object.
For AccountKey, use:
{
credentialsType = "AccountKey"
secrets = {
key = "string"
secretsType = "string"
}
}
For Certificate, use:
{
authorityUrl = "string"
clientId = "string"
credentialsType = "Certificate"
resourceUrl = "string"
secrets = {
certificate = "string"
secretsType = "string"
}
tenantId = "string"
thumbprint = "string"
}
For KerberosKeytab, use:
{
credentialsType = "KerberosKeytab"
kerberosKdcAddress = "string"
kerberosPrincipal = "string"
kerberosRealm = "string"
secrets = {
kerberosKeytab = "string"
secretsType = "string"
}
}
For KerberosPassword, use:
{
credentialsType = "KerberosPassword"
kerberosKdcAddress = "string"
kerberosPrincipal = "string"
kerberosRealm = "string"
secrets = {
kerberosPassword = "string"
secretsType = "string"
}
}
For None, use:
{
credentialsType = "None"
}
For Sas, use:
{
credentialsType = "Sas"
secrets = {
sasToken = "string"
secretsType = "string"
}
}
For ServicePrincipal, use:
{
authorityUrl = "string"
clientId = "string"
credentialsType = "ServicePrincipal"
resourceUrl = "string"
secrets = {
clientSecret = "string"
secretsType = "string"
}
tenantId = "string"
}
DatastoreProperties objects
Set the datastoreType property to specify the type of object.
For AzureBlob, use:
{
accountName = "string"
containerName = "string"
datastoreType = "AzureBlob"
endpoint = "string"
protocol = "string"
resourceGroup = "string"
serviceDataAccessAuthIdentity = "string"
subscriptionId = "string"
}
For AzureDataLakeGen1, use:
{
datastoreType = "AzureDataLakeGen1"
resourceGroup = "string"
serviceDataAccessAuthIdentity = "string"
storeName = "string"
subscriptionId = "string"
}
For AzureDataLakeGen2, use:
{
accountName = "string"
datastoreType = "AzureDataLakeGen2"
endpoint = "string"
filesystem = "string"
protocol = "string"
resourceGroup = "string"
serviceDataAccessAuthIdentity = "string"
subscriptionId = "string"
}
For AzureFile, use:
{
accountName = "string"
datastoreType = "AzureFile"
endpoint = "string"
fileShareName = "string"
protocol = "string"
resourceGroup = "string"
serviceDataAccessAuthIdentity = "string"
subscriptionId = "string"
}
For Hdfs, use:
{
datastoreType = "Hdfs"
hdfsServerCertificate = "string"
nameNodeAddress = "string"
protocol = "string"
}
Property values
AccountKeyDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'AccountKey' (required) |
| secrets | [Required] Storage account secrets. | AccountKeyDatastoreSecrets (required) |
AccountKeyDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| key | Storage account key. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
AzureBlobDatastore
| Name | Description | Value |
|---|---|---|
| accountName | Storage account name. | string |
| containerName | Storage account container name. | string |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureBlob' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
AzureDataLakeGen1Datastore
| Name | Description | Value |
|---|---|---|
| datastoreType | [Required] Storage type backing the datastore. | 'AzureDataLakeGen1' (required) |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| storeName | [Required] Azure Data Lake store name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| subscriptionId | Azure Subscription Id | string |
AzureDataLakeGen2Datastore
| Name | Description | Value |
|---|---|---|
| accountName | [Required] Storage account name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureDataLakeGen2' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| filesystem | [Required] The name of the Data Lake Gen2 filesystem. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
AzureFileDatastore
| Name | Description | Value |
|---|---|---|
| accountName | [Required] Storage account name. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| datastoreType | [Required] Storage type backing the datastore. | 'AzureFile' (required) |
| endpoint | Azure cloud endpoint for the storage account. | string |
| fileShareName | [Required] The name of the Azure file share that the datastore points to. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account. | string |
| resourceGroup | Azure Resource Group name | string |
| serviceDataAccessAuthIdentity | Indicates which identity to use to authenticate service data access to customer's storage. | 'None' 'WorkspaceSystemAssignedIdentity' 'WorkspaceUserAssignedIdentity' |
| subscriptionId | Azure Subscription Id | string |
CertificateDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| authorityUrl | Authority URL used for authentication. | string |
| clientId | [Required] Service principal client ID. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| credentialsType | [Required] Credential type used to authentication with storage. | 'Certificate' (required) |
| resourceUrl | Resource the service principal has access to. | string |
| secrets | [Required] Service principal secrets. | CertificateDatastoreSecrets (required) |
| tenantId | [Required] ID of the tenant to which the service principal belongs. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| thumbprint | [Required] Thumbprint of the certificate used for authentication. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
CertificateDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| certificate | Service principal certificate. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
DatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | Set to 'AccountKey' for type AccountKeyDatastoreCredentials. Set to 'Certificate' for type CertificateDatastoreCredentials. Set to 'KerberosKeytab' for type KerberosKeytabCredentials. Set to 'KerberosPassword' for type KerberosPasswordCredentials. Set to 'None' for type NoneDatastoreCredentials. Set to 'Sas' for type SasDatastoreCredentials. Set to 'ServicePrincipal' for type ServicePrincipalDatastoreCredentials. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'None' 'Sas' 'ServicePrincipal' (required) |
DatastoreProperties
| Name | Description | Value |
|---|---|---|
| credentials | [Required] Account credentials. | DatastoreCredentials (required) |
| datastoreType | Set to 'AzureBlob' for type AzureBlobDatastore. Set to 'AzureDataLakeGen1' for type AzureDataLakeGen1Datastore. Set to 'AzureDataLakeGen2' for type AzureDataLakeGen2Datastore. Set to 'AzureFile' for type AzureFileDatastore. Set to 'Hdfs' for type HdfsDatastore. | 'AzureBlob' 'AzureDataLakeGen1' 'AzureDataLakeGen2' 'AzureFile' 'Hdfs' (required) |
| description | The asset description text. | string |
| properties | The asset property dictionary. | ResourceBaseProperties |
| tags | Tag dictionary. Tags can be added, removed, and updated. | ResourceBaseTags |
HdfsDatastore
| Name | Description | Value |
|---|---|---|
| datastoreType | [Required] Storage type backing the datastore. | 'Hdfs' (required) |
| hdfsServerCertificate | The TLS cert of the HDFS server. Needs to be a base64 encoded string. Required if "Https" protocol is selected. | string |
| nameNodeAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| protocol | Protocol used to communicate with the storage account (Https/Http). | string |
KerberosKeytabCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'KerberosKeytab' (required) |
| kerberosKdcAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosPrincipal | [Required] Kerberos Username | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosRealm | [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| secrets | [Required] Keytab secrets. | KerberosKeytabSecrets (required) |
KerberosKeytabSecrets
| Name | Description | Value |
|---|---|---|
| kerberosKeytab | Kerberos keytab secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
KerberosPasswordCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'KerberosPassword' (required) |
| kerberosKdcAddress | [Required] IP Address or DNS HostName. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosPrincipal | [Required] Kerberos Username | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| kerberosRealm | [Required] Domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. | string Constraints: Pattern = [a-zA-Z0-9_] (required) |
| secrets | [Required] Kerberos password secrets. | KerberosPasswordSecrets (required) |
KerberosPasswordSecrets
| Name | Description | Value |
|---|---|---|
| kerberosPassword | Kerberos password secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
Microsoft.MachineLearningServices/workspaces/datastores
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9][a-zA-Z0-9\-_]{0,254}$ (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: workspaces |
| properties | [Required] Additional attributes of the entity. | DatastoreProperties (required) |
| type | The resource type | "Microsoft.MachineLearningServices/workspaces/datastores@2022-12-01-preview" |
NoneDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'None' (required) |
ResourceBaseProperties
| Name | Description | Value |
|---|
ResourceBaseTags
| Name | Description | Value |
|---|
SasDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| credentialsType | [Required] Credential type used to authentication with storage. | 'Sas' (required) |
| secrets | [Required] Storage container secrets. | SasDatastoreSecrets (required) |
SasDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| sasToken | Storage container SAS token. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |
ServicePrincipalDatastoreCredentials
| Name | Description | Value |
|---|---|---|
| authorityUrl | Authority URL used for authentication. | string |
| clientId | [Required] Service principal client ID. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
| credentialsType | [Required] Credential type used to authentication with storage. | 'ServicePrincipal' (required) |
| resourceUrl | Resource the service principal has access to. | string |
| secrets | [Required] Service principal secrets. | ServicePrincipalDatastoreSecrets (required) |
| tenantId | [Required] ID of the tenant to which the service principal belongs. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ (required) |
ServicePrincipalDatastoreSecrets
| Name | Description | Value |
|---|---|---|
| clientSecret | Service principal secret. | string |
| secretsType | [Required] Credential type used to authentication with storage. | 'AccountKey' 'Certificate' 'KerberosKeytab' 'KerberosPassword' 'Sas' 'ServicePrincipal' (required) |