azurerm_machine_learning_workspace - Add support for serverless_compute

[xuzhang3]

Add support for serverless_compute.custom_subnet_id, serverless_compute.no_public_ip_enabled`

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevent documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azurerm_resource - support for the thing1 property [GH-00000]

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #0000

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[stephybun]

Thanks @xuzhang3. Please take a look at the comments so far, once they've been fixed we can continue the review.

[stephybun]

This could be shortened to

Suggested change

	"custom_subnet_id": {
	"subnet_id": {

[stephybun]

Prefixing a boolean with no_ violates the naming standard we use for bools. This needs to become

Suggested change

	"no_public_ip_enabled": {
	"public_ip_enabled": {

[xuzhang3]

Can we keep this to no_public_ip_enabled? If renamed to public_ip_enabled we need to reverse the value before send to service or set to state. Also service will return the validation error such like: ValidationError: Not supported to update ServerlessComputeNoPublicIP from false to true when public network access is enabled and this validation may changed in the future. Users may confused by the error message because the name is not same to public_ip_enabled

[stephybun]

We have many instances where we flip the boolean values around in the provider to conform to the standards the provider has. In addition that error message indicates a limitation on when public_ip_enabled can be updated which means we should probably have some validation around this in the Create and Update methods and can thus return our own error message instead of relying on the API to error.

Given the above this property still needs to become public_ip_enabled.

[xuzhang3]

ok will update it

[katbyte]

we nhave a test failure

------- Stdout: -------
=== RUN   TestAccMachineLearningWorkspace_serverlessCompute
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute
    testcase.go:113: Step 1/2 error: Error running apply: exit status 1
        
        Error:  Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`
        
          with azurerm_machine_learning_workspace.test,
          on terraform_plugin_test.tf line 86, in resource "azurerm_machine_learning_workspace" "test":
          86: resource "azurerm_machine_learning_workspace" "test" {
        
--- FAIL: TestAccMachineLearningWorkspace_serverlessCompute (342.14s)
FAIL

[xuzhang3]

=== RUN   TestAccMachineLearningWorkspace_serverlessCompute
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute
--- PASS: TestAccMachineLearningWorkspace_serverlessCompute (770.27s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning       796.480s

[katbyte]

this needs to be updated

[xuzhang3]

delete the notes?

[xuzhang3]

to name the property serverlessComputeNoPublicIP to public_ip_enabled, value has been flipped. I add the constraint in the resource and also the doc.

[stephybun]

Thanks @xuzhang3. I left some comments in-line, once they're resolved we can run the tests and this should be good to go.

[stephybun]

We should use the Validation function from the commonids package for subnets

Suggested change

	ValidateFunc: networkValidate.SubnetID,
	ValidateFunc: commonids.ValidateSubnetID,

[stephybun]

Can we re-phrase this to something more actionable for the user

Suggested change

	return fmt.Errorf(" Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`")
	return fmt.Errorf("`public_ip_enabled` must be set to `true` if `subnet_id` is not set and `public_network_access_enabled` is `false`")

[stephybun]

This logic looks like it belongs in a CustomizeDiff

[xuzhang3]

will add a CustomizeDiff for this

[xuzhang3]

Tried several ways to update this property, customers can still update it but it takes several steps. We can omit `CustomizeDiff``, cx can update the settings according to the error message.

1. Set the serverless_compute.subnet_id
2. They may need to add the a private link for this machine learning workspace.
3. Update the serverless_compute.public_ip_enabled from true to false

Error message cx may get:

Error: creating/updating Workspace (Subscription: "<sub id>"
Resource Group Name: "<rg name>"
Workspace Name: "xz3workspace16"): unexpected status 400 (400 Bad Request) with error: ValidationError: Found errors while validating Subnet Id <subnet id>. Subnet Diagnostic Result = WorkspaceVnet:ErrorCode=WorkspaceVnetConflictErrorMessage=The workspace does not have public access and does not have a VNET. Pleas
e either add a VNET to the workspace or enable public access. For more information, please refer to https://docs.microsoft.com/en-us/azure/machine-learning/how-to-configure-private-link?tabs=python#add-a-private-endpoint-to-a-workspace.

[stephybun]

Thanks for the explanation @xuzhang3.

Is this something we can do in the resource by calling the CreateOrUpdate method twice in the same apply if public_ip_enabled changes from true -> false?

e.g. First CreateOrUpdate call sets subnet_id
Second CreateOrUpdate call updated public_ip_enabled from true -> false

[xuzhang3]

no, the operation needs to be split into several steps

[stephybun]

Is that because of

2. They may need to add the a private link for this machine learning workspace.

Is this an external thing that they need to configure? What is meant by may are there situations where they don't need to?

[xuzhang3]

For example, I create a new MLW with following config and I want to set the serverless_compute.public_ip_enabled to false, I need to update the public_network_access_enabled and serverless_compute.subnet_id and I need add a private endpoint for this MLW then I can update the serverless_compute.public_ip_enabled, this is one of the scenario. Other scenario depends on the MLW configurations.

resource "azurerm_machine_learning_workspace" "example" {
  name                    = "mymlwexample"
  location                = azurerm_resource_group.example.location
  resource_group_name     = azurerm_resource_group.example.name
  application_insights_id = azurerm_application_insights.example.id
  key_vault_id            = azurerm_key_vault.example.id
  storage_account_id      = azurerm_storage_account.example.id

#  public_network_access_enabled = true

  image_build_compute_name = "terraformComputeUpdate11"

  serverless_compute {
#    subnet_id         = azurerm_subnet.test.id
    public_ip_enabled = true
  }

  identity {
    type = "SystemAssigned"
  }
}

[stephybun]

We should also add a test for the case where we don't supply subnet_id

[stephybun]

Suggested change

	An `serverless_compute` block supports the following:
	A `serverless_compute` block supports the following:

[stephybun]

This is just called subnet_id in the schema

Suggested change

	* `custom_subnet_id` - (Optional) The ID of an existing virtual network subnet in which serverless compute nodes should be deployed.
	* `subnet_id` - (Optional) The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.

[stephybun]

Suggested change

	* `no_public_ip_enabled` - (Optional) Is serverless compute nodes deployed in custom vNet would have no public IP addresses enabled for a workspace with private endpoint? Defaults to `false`.
	* `public_ip_enabled` - (Optional) Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to `false`.

[stephybun]

We can consolidate these

Suggested change

	~> **Note:** Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`.
	~> **Note:** Not supported to update `public_ip_enabled` from `true` to `false` when `subnet_id` is null or empty
	~> **Note:** `public_ip_enabled` cannot be updated from `true` to `false` when `subnet_id` is not set. `public_ip_enabled` must be set to `true` if `subnet_id` is not set and when `public_network_access_enabled` is `false`.

[xuzhang3]

=== RUN   TestAccMachineLearningWorkspace_serverlessCompute
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute
=== RUN   TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet
--- PASS: TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet (499.09s)
--- PASS: TestAccMachineLearningWorkspace_serverlessCompute (502.25s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning       519.115s

[xuzhang3]

@stephybun all changes has been updated

[stephybun]

Thanks @xuzhang3 LGTM 👍

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.