Skip to content
CSA Loom — the Microsoft Fabric experience for Azure tenants where Fabric isn't yet available: lakehouses, warehouses, notebooks, semantic models, Activator rules, Data Agents, across Commercial, GCC, GCC-High, and DoD IL5

CSA Loom — v2.0 handoff (Synapse Dedicated + Serverless live)

Last updated: 2026-05-24 Status: v2.0 infra + app code merged on access-patterns-vpn-agw-fd; deploy in progress Branch: access-patterns-vpn-agw-fd (commit 966c1251)

What v2.0 ships

Two editors graduate from "visual stub" to real Azure-backed execution:

SynapseServerlessSqlPoolEditor (/items/synapse-serverless-sql-pool/<id>)

  • Real Run → POST /api/items/synapse-serverless-sql-pool/[id]/query
  • BFF authenticates as the uami-loom-console-eastus2 UAMI via DefaultAzureCredential, mints a https://database.windows.net/.default token, opens TDS to syn-loom-default-eastus2-ondemand.sql.azuresynapse.net via the private endpoint.
  • Schema tree fetched from /schema (real sys.databases + the DLZ bronze/silver/gold ADLS URLs for OPENROWSET samples).
  • Errors surface in a Fluent MessageBar with the SQL number, code, and message — no swallowing.

SynapseDedicatedSqlPoolEditor (/items/synapse-dedicated-sql-pool/<id>)

  • Dedicated pool provisioned: loompool (DW100c) on the existing syn-loom-default-eastus2 workspace, deployed via platform/fiab/bicep/modules/landing-zone/synapse.bicep.
  • Pool state badge (Online / Paused / Resuming / Pausing) reflects live ARM /sqlPools/loompool status, polled every 5 s while resuming.
  • Resume on demand: when the pool is Paused, clicking the editor's Resume button hits the BFF's /resume route which calls the ARM REST pauseAndResume.resume. UI shows a "Resuming pool (~1–2 min)" MessageBar and lights up Run + schema tree the instant the pool reaches Online.
  • Auto-pause Logic App (la-loom-synapse-autopause-default) fires daily at 04:00 UTC, checks properties.status, and pauses if Online. Cost while paused: storage only.
  • Manual pause button visible when pool is Online — also wired to ARM REST.
  • Real schema tree populated from sys.tables + sys.schemas + sys.partitions once the pool is Online; click a table to drop a SELECT TOP 100 * into the editor.

Resource inventory (production reality, post-deploy)

Resource Name Notes
Synapse workspace syn-loom-default-eastus2 Managed VNet, public access disabled
Serverless SQL endpoint …-ondemand.sql.azuresynapse.net Always-on, pay-per-TB
Dedicated pool loompool (DW100c) Auto-pause nightly; resume on demand
Private endpoint (Sql) pe-syn-loom-default-sql snet-private-endpoints on DLZ spoke
Private endpoint (SqlOnDemand) pe-syn-loom-default-sqlondemand same subnet
Private DNS zones privatelink.sql.azuresynapse.net, privatelink.dev.azuresynapse.net linked to hub VNet
AAD admin uami-loom-console-eastus2 service-principal type
ARM role Contributor on workspace granted to Console UAMI
Auto-pause Logic App la-loom-synapse-autopause-default System-assigned MI, Contributor on workspace

Container App env vars added (wired automatically by deploy-v2-synapse.sh)

LOOM_SUBSCRIPTION_ID          (sub guid)
LOOM_DLZ_RG                   rg-csa-loom-dlz-single-eastus2
LOOM_SYNAPSE_WORKSPACE        syn-loom-default-eastus2
LOOM_SYNAPSE_DEDICATED_POOL   loompool
LOOM_BRONZE_URL               https://saloom…/bronze
LOOM_SILVER_URL               https://saloom…/silver
LOOM_GOLD_URL                 https://saloom…/gold
LOOM_LANDING_URL              https://saloom…/landing

Code map

  • TDS clientapps/fiab-console/lib/azure/synapse-sql-client.ts
  • ARM clientapps/fiab-console/lib/azure/synapse-pool-arm.ts
  • BFF routesapps/fiab-console/app/api/items/synapse-{serverless,dedicated}-sql-pool/[id]/{query,schema,state,resume}/route.ts
  • Editorapps/fiab-console/lib/editors/synapse-sql-editors.tsx
  • Registryapps/fiab-console/lib/editors/registry.ts:62-63
  • Bicepplatform/fiab/bicep/modules/landing-zone/{synapse,synapse-auto-pause}.bicep
  • Deploy scriptscripts/csa-loom/deploy-v2-synapse.sh

How to redeploy from scratch

az login
bash scripts/csa-loom/deploy-v2-synapse.sh         # infra (idempotent)
git push                                             # if app code changed
gh workflow run full-app-deploy-commercial --ref access-patterns-vpn-agw-fd -f tag=v2.X -f skip_build=false -f enable_apps_after=false
gh run watch <id> --interval 30 --exit-status
az containerapp update -g rg-csa-loom-admin-eastus2 -n loom-console \
  --image acrloomm56yejezt7bjo.azurecr.io/loom-console:v2.X \
  --set-env-vars LOOM_VERSION=v2.X NEXT_PUBLIC_LOOM_VERSION=v2.X
node temp/uat-pw/uat-v2.0-synapse.mjs               # Synapse smoke
node temp/uat-pw/uat-v118.mjs                       # full 60-route regression

What's NOT yet wired (the honest list)

These editors still render visual stubs only — they look real, but the Run / Save / Execute actions are no-ops:

  • synapse-spark-pool (Spark pool config)
  • synapse-pipeline (Integrate canvas)
  • databricks-notebook, databricks-job, databricks-cluster, databricks-sql-warehouse
  • adf-pipeline, adf-dataset, adf-trigger
  • usql-job (ADLA — legacy, may stay stub)
  • All phase2-misc, phase3, phase4 editors (warehouse, eventhouse, KQL, ML, etc.)
  • All apim-* editors

Recommendation: v2.1 should wire Databricks SQL Warehouse next (same TDS pattern: AAD token → ODBC/JDBC to the workspace's SQL Warehouse endpoint, ARM cluster start/stop for resume-on-demand). Then APIM (REST API → APIM management plane) since it has the broadest catalog impact. Then Spark notebook execution via Databricks Jobs API.

Until those slices ship, the catalog should NOT advertise these as "fully working" — see the v2 backlog doc for the prioritized rollout schedule.

Risks / known limits

  • Pool resume latency: Dedicated DW100c takes ~60–90 s to reach Online from Paused. The editor handles this with a polling loop + MessageBar.
  • Pool storage cost (paused): ~$122/month at DW100c minimum (1 TB allocated, GRS). To eliminate even this, drop the pool entirely (run az synapse sql pool delete).
  • OBO not wired: BFF queries Synapse as the Console UAMI (single identity), not as the logged-in user. Synapse SQL audit logs show uami-loom-console-eastus2 as the principal. For per-user RLS in a later milestone, re-add homeAccountId to the session cookie (carefully — that's what the v1.13–v1.18 cookie saga was about) and switch to OBO.
  • Private endpoint DNS: The 2 new private DNS zones are linked only to the hub VNet. If a future Databricks-on-spoke pattern needs to query Synapse, add a spoke link too.

Resume command for next session

You're picking up CSA Loom v2.1. Read docs/fiab/v2.0-handoff.md.
Verify v2.0 still GREEN: node temp/uat-pw/uat-v2.0-synapse.mjs (must print "passed: 2, failed: 0").
Next slice: Databricks SQL Warehouse — same TDS pattern as Synapse Dedicated, with ARM /sqlWarehouses/{id}/start for resume-on-demand. Bicep already provisions the Databricks workspace; need to add a default Serverless SQL Warehouse + grant the Console UAMI Workspace Admin via Databricks REST.