Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_machine_learning_workspace - Add support for serverless_compute #25660

Merged
merged 10 commits into from
May 29, 2024

Conversation

xuzhang3
Copy link
Contributor

Add support for serverless_compute.custom_subnet_id, serverless_compute.no_public_ip_enabled`

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
    For example: “resource_name_here - description of change e.g. adding property new_property_name_here

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
  • (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

  • azurerm_resource - support for the thing1 property [GH-00000]

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

Related Issue(s)

Fixes #0000

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @xuzhang3. Please take a look at the comments so far, once they've been fixed we can continue the review.

MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"custom_subnet_id": {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be shortened to

Suggested change
"custom_subnet_id": {
"subnet_id": {

Optional: true,
ValidateFunc: networkValidate.SubnetID,
},
"no_public_ip_enabled": {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prefixing a boolean with no_ violates the naming standard we use for bools. This needs to become

Suggested change
"no_public_ip_enabled": {
"public_ip_enabled": {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we keep this to no_public_ip_enabled? If renamed to public_ip_enabled we need to reverse the value before send to service or set to state. Also service will return the validation error such like: ValidationError: Not supported to update ServerlessComputeNoPublicIP from false to true when public network access is enabled and this validation may changed in the future. Users may confused by the error message because the name is not same to public_ip_enabled

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have many instances where we flip the boolean values around in the provider to conform to the standards the provider has. In addition that error message indicates a limitation on when public_ip_enabled can be updated which means we should probably have some validation around this in the Create and Update methods and can thus return our own error message instead of relying on the API to error.

Given the above this property still needs to become public_ip_enabled.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok will update it

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we nhave a test failure

------- Stdout: -------
=== RUN   TestAccMachineLearningWorkspace_serverlessCompute
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute
    testcase.go:113: Step 1/2 error: Error running apply: exit status 1
        
        Error:  Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`
        
          with azurerm_machine_learning_workspace.test,
          on terraform_plugin_test.tf line 86, in resource "azurerm_machine_learning_workspace" "test":
          86: resource "azurerm_machine_learning_workspace" "test" {
        
--- FAIL: TestAccMachineLearningWorkspace_serverlessCompute (342.14s)
FAIL

@xuzhang3
Copy link
Contributor Author

xuzhang3 commented May 9, 2024

=== RUN   TestAccMachineLearningWorkspace_serverlessCompute
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute
--- PASS: TestAccMachineLearningWorkspace_serverlessCompute (770.27s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning       796.480s

Comment on lines 431 to 435
* `no_public_ip_enabled` - (Optional) Is serverless compute nodes deployed in custom vNet would have no public IP addresses enabled for a workspace with private endpoint? Defaults to `false`.

~> **Note:** Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`.

~> **Note:** Not supported to update `public_ip_enabled` from `true` to `false` when `subnet_id` is null or empty
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this needs to be updated

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

delete the notes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to name the property serverlessComputeNoPublicIP to public_ip_enabled, value has been flipped. I add the constraint in the resource and also the doc.

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @xuzhang3. I left some comments in-line, once they're resolved we can run the tests and this should be good to go.

"subnet_id": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: networkValidate.SubnetID,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use the Validation function from the commonids package for subnets

Suggested change
ValidateFunc: networkValidate.SubnetID,
ValidateFunc: commonids.ValidateSubnetID,

serverlessCompute := expandMachineLearningWorkspaceServerlessCompute(d.Get("serverless_compute").([]interface{}))
if serverlessCompute != nil {
if *serverlessCompute.ServerlessComputeNoPublicIP && serverlessCompute.ServerlessComputeCustomSubnet == nil && !networkAccessBehindVnetEnabled {
return fmt.Errorf(" Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we re-phrase this to something more actionable for the user

Suggested change
return fmt.Errorf(" Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`")
return fmt.Errorf("`public_ip_enabled` must be set to `true` if `subnet_id` is not set and `public_network_access_enabled` is `false`")

Comment on lines +345 to +350
if serverlessCompute.ServerlessComputeCustomSubnet == nil {
oldVal, newVal := d.GetChange("serverless_compute.0.public_ip_enabled")
if oldVal.(bool) && !newVal.(bool) {
return fmt.Errorf(" Not supported to update `public_ip_enabled` from `true` to `false` when `subnet_id` is null or empty")
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic looks like it belongs in a CustomizeDiff

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will add a CustomizeDiff for this

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried several ways to update this property, customers can still update it but it takes several steps. We can omit `CustomizeDiff``, cx can update the settings according to the error message.

  1. Set the serverless_compute.subnet_id
  2. They may need to add the a private link for this machine learning workspace.
  3. Update the serverless_compute.public_ip_enabled from true to false

Error message cx may get:

Error: creating/updating Workspace (Subscription: "<sub id>"
Resource Group Name: "<rg name>"
Workspace Name: "xz3workspace16"): unexpected status 400 (400 Bad Request) with error: ValidationError: Found errors while validating Subnet Id <subnet id>. Subnet Diagnostic Result = WorkspaceVnet:ErrorCode=WorkspaceVnetConflictErrorMessage=The workspace does not have public access and does not have a VNET. Pleas
e either add a VNET to the workspace or enable public access. For more information, please refer to https://docs.microsoft.com/en-us/azure/machine-learning/how-to-configure-private-link?tabs=python#add-a-private-endpoint-to-a-workspace.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the explanation @xuzhang3.

Is this something we can do in the resource by calling the CreateOrUpdate method twice in the same apply if public_ip_enabled changes from true -> false?

e.g. First CreateOrUpdate call sets subnet_id
Second CreateOrUpdate call updated public_ip_enabled from true -> false

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, the operation needs to be split into several steps

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that because of

  1. They may need to add the a private link for this machine learning workspace.

Is this an external thing that they need to configure? What is meant by may are there situations where they don't need to?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For example, I create a new MLW with following config and I want to set the serverless_compute.public_ip_enabled to false, I need to update the public_network_access_enabled and serverless_compute.subnet_id and I need add a private endpoint for this MLW then I can update the serverless_compute.public_ip_enabled, this is one of the scenario. Other scenario depends on the MLW configurations.

resource "azurerm_machine_learning_workspace" "example" {
  name                    = "mymlwexample"
  location                = azurerm_resource_group.example.location
  resource_group_name     = azurerm_resource_group.example.name
  application_insights_id = azurerm_application_insights.example.id
  key_vault_id            = azurerm_key_vault.example.id
  storage_account_id      = azurerm_storage_account.example.id

#  public_network_access_enabled = true

  image_build_compute_name = "terraformComputeUpdate11"

  serverless_compute {
#    subnet_id         = azurerm_subnet.test.id
    public_ip_enabled = true
  }

  identity {
    type = "SystemAssigned"
  }
}

Comment on lines +1214 to +1216
serverless_compute {
subnet_id = azurerm_subnet.test.id
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should also add a test for the case where we don't supply subnet_id

@@ -422,6 +424,18 @@ An `managed_network` block supports the following:

---

An `serverless_compute` block supports the following:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
An `serverless_compute` block supports the following:
A `serverless_compute` block supports the following:

@@ -422,6 +424,18 @@ An `managed_network` block supports the following:

---

An `serverless_compute` block supports the following:

* `custom_subnet_id` - (Optional) The ID of an existing virtual network subnet in which serverless compute nodes should be deployed.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just called subnet_id in the schema

Suggested change
* `custom_subnet_id` - (Optional) The ID of an existing virtual network subnet in which serverless compute nodes should be deployed.
* `subnet_id` - (Optional) The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.


* `custom_subnet_id` - (Optional) The ID of an existing virtual network subnet in which serverless compute nodes should be deployed.

* `no_public_ip_enabled` - (Optional) Is serverless compute nodes deployed in custom vNet would have no public IP addresses enabled for a workspace with private endpoint? Defaults to `false`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `no_public_ip_enabled` - (Optional) Is serverless compute nodes deployed in custom vNet would have no public IP addresses enabled for a workspace with private endpoint? Defaults to `false`.
* `public_ip_enabled` - (Optional) Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to `false`.

Comment on lines 433 to 435
~> **Note:** Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`.

~> **Note:** Not supported to update `public_ip_enabled` from `true` to `false` when `subnet_id` is null or empty
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can consolidate these

Suggested change
~> **Note:** Not supported to set `public_ip_enabled` to `false` without `subnet_id` when `public_network_access_enabled` is `false`.
~> **Note:** Not supported to update `public_ip_enabled` from `true` to `false` when `subnet_id` is null or empty
~> **Note:** `public_ip_enabled` cannot be updated from `true` to `false` when `subnet_id` is not set. `public_ip_enabled` must be set to `true` if `subnet_id` is not set and when `public_network_access_enabled` is `false`.

2. rename no_public_ip_enabled to public_ip_enabled
3. add test case for serverless compute
4. update document
@xuzhang3
Copy link
Contributor Author

=== RUN   TestAccMachineLearningWorkspace_serverlessCompute
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute
=== RUN   TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet
=== PAUSE TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute
=== CONT  TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet
--- PASS: TestAccMachineLearningWorkspace_serverlessCompute_withoutSubnet (499.09s)
--- PASS: TestAccMachineLearningWorkspace_serverlessCompute (502.25s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning       519.115s

@xuzhang3
Copy link
Contributor Author

@stephybun all changes has been updated

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @xuzhang3 LGTM 👍

@stephybun stephybun merged commit 0263f62 into hashicorp:main May 29, 2024
37 checks passed
@github-actions github-actions bot added this to the v3.106.0 milestone May 29, 2024
stephybun added a commit that referenced this pull request May 29, 2024
Copy link

github-actions bot commented Jul 1, 2024

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 1, 2024
@xuzhang3 xuzhang3 deleted the f/mlw_serverless_compute branch August 14, 2024 02:37
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants