Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New resource azurerm_azure_ai_services #26008

Merged
merged 29 commits into from
Aug 15, 2024

Conversation

xuzhang3
Copy link
Contributor

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
    For example: “resource_name_here - description of change e.g. adding property new_property_name_here

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
  • (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

  • azurerm_resource - support for the thing1 property [GH-00000]

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

Related Issue(s)

Fixes #0000

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

@xuzhang3
Copy link
Contributor Author

=== RUN   TestAccCognitiveAIServicesAccount_basic
=== PAUSE TestAccCognitiveAIServicesAccount_basic
=== RUN   TestAccCognitiveAIServicesAccount_requiresImport
=== PAUSE TestAccCognitiveAIServicesAccount_requiresImport
=== RUN   TestAccCognitiveAIServicesAccount_complete
=== PAUSE TestAccCognitiveAIServicesAccount_complete
=== RUN   TestAccCognitiveAIServicesAccount_update
=== PAUSE TestAccCognitiveAIServicesAccount_update
=== RUN   TestAccCognitiveAIServicesAccount_networkACLsVirtualNetworkRules
=== PAUSE TestAccCognitiveAIServicesAccount_networkACLsVirtualNetworkRules
=== RUN   TestAccCognitiveAIServicesAccount_networkACLs
=== PAUSE TestAccCognitiveAIServicesAccount_networkACLs
=== RUN   TestAccCognitiveAIServicesAccount_identity
=== PAUSE TestAccCognitiveAIServicesAccount_identity
=== RUN   TestAccCognitiveAIServicesAccount_customerManagedKey
=== PAUSE TestAccCognitiveAIServicesAccount_customerManagedKey
=== CONT  TestAccCognitiveAIServicesAccount_basic
=== CONT  TestAccCognitiveAIServicesAccount_networkACLsVirtualNetworkRules
=== CONT  TestAccCognitiveAIServicesAccount_identity
=== CONT  TestAccCognitiveAIServicesAccount_requiresImport
=== CONT  TestAccCognitiveAIServicesAccount_networkACLs
=== CONT  TestAccCognitiveAIServicesAccount_update
--- PASS: TestAccCognitiveAIServicesAccount_requiresImport (288.59s)
--- PASS: TestAccCognitiveAIServicesAccount_networkACLs (419.91s)
--- PASS: TestAccCognitiveAIServicesAccount_identity (505.50s)
--- PASS: TestAccCognitiveAIServicesAccount_networkACLsVirtualNetworkRules (509.13s)
--- PASS: TestAccCognitiveAIServicesAccount_customerManagedKey (1402.96s)
--- PASS: TestAccCognitiveAIServicesAccount_update (1459.11s)
--- PASS: TestAccCognitiveAIServicesAccount_complete (1530.32s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/cognitive     1546.807s

Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey @xuzhang3

I've taken a look through and left some comments inline, but there's a few questions in there - once those are resolved/clarified we can take another look through 👍

Thanks!

@@ -114,6 +118,8 @@ The `features` block supports the following:

* `cognitive_account` - (Optional) A `cognitive_account` block as defined below.

* `cognitive_account_ai_services` - (Optional) A `cognitive_account_ai_services` block as defined below.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we reuse the cognitive_account block for this purpose?

Suggested change
* `cognitive_account_ai_services` - (Optional) A `cognitive_account_ai_services` block as defined below.

Comment on lines 48 to 50
cognitive_account_ai_services {
purge_soft_delete_on_destroy = true
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we reuse the cognitive_account block for this purpose?

Suggested change
cognitive_account_ai_services {
purge_soft_delete_on_destroy = true
}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xuzhang3 could we please do as tom suggests here and resue the cognitive account block and make ai_services a sub block of it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated, unused configs deleted.

Comment on lines 23 to 25
CognitiveAccountAIServices: CognitiveAccountAIServicesFeatures{
PurgeSoftDeleteOnDestroy: true,
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can reuse the CognitiveAccount block/toggle here

AppConfiguration AppConfigurationFeatures
ApplicationInsights ApplicationInsightFeatures
CognitiveAccount CognitiveAccountFeatures
CognitiveAccountAIServices CognitiveAccountAIServicesFeatures
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
CognitiveAccountAIServices CognitiveAccountAIServicesFeatures

Comment on lines 91 to 104
"cognitive_account_ai_services": {
Type: pluginsdk.TypeList,
Optional: true,
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"purge_soft_delete_on_destroy": {
Type: pluginsdk.TypeBool,
Optional: true,
Default: true,
},
},
},
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we reuse the cognitive_account block for this purpose?

Suggested change
"cognitive_account_ai_services": {
Type: pluginsdk.TypeList,
Optional: true,
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"purge_soft_delete_on_destroy": {
Type: pluginsdk.TypeBool,
Optional: true,
Default: true,
},
},
},
},

Comment on lines 209 to 213
"public_network_access_enabled": {
Type: pluginsdk.TypeBool,
Optional: true,
Default: true,
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we expose this as public_network_access with the constant values here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rename to public_network_access ? Sorry, I didn't get the point.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're moving away from using public_network_access_enabled, since the Azure API is gradually supporting three values for this field (Disabled, Enabled and SecuredByPerimeter) - as such new resources should expose this as a string field (we'll be making this a commonschema field in hashicorp/go-azure-helpers#238) - and existing resources will be updated in time.

As such, can we make this a string field, public_network_access, with the constant values being the possible values - rather than a boolean?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

public_network_access_enabled has been renamed to public_network_access

// also lock on the Virtual Network ID's since modifications in the networking stack are exclusive
virtualNetworkNames := make([]string, 0)
for _, v := range subnetIds {
subnetId, err := commonids.ParseSubnetIDInsensitively(v)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These'll be validated from the config, so can be parsed directly:

Suggested change
subnetId, err := commonids.ParseSubnetIDInsensitively(v)
subnetId, err := commonids.ParseSubnetID(v)

return err
}

id := cognitiveservicesaccounts.NewAccountID(subscriptionId, model.ResourceGroupName, model.Name)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can parse the ID from metadata.ID

Comment on lines 568 to 580
func aiServicesAccountStateRefreshFunc(ctx context.Context, client *cognitiveservicesaccounts.CognitiveServicesAccountsClient, id cognitiveservicesaccounts.AccountId) pluginsdk.StateRefreshFunc {
return func() (interface{}, string, error) {
res, err := client.AccountsGet(ctx, id)
if err != nil {
return nil, "", fmt.Errorf("polling for %s: %+v", id, err)
}

if res.Model != nil && res.Model.Properties != nil && res.Model.Properties.ProvisioningState != nil {
return res, string(*res.Model.Properties.ProvisioningState), nil
}
return nil, "", fmt.Errorf("unable to read provisioning state")
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hashicorp/go-azure-sdk should do this for you - is this an LRO/is there a bug in the API Definitions here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is copied from Cognitive Account and I just remove the unnecessary properties and codes

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, but presumably when doing so you've looked to see if these can be removed? As such, what's the API actually doing here, is the Swagger wrong and this is an LRO - or is there also an API bug going on here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, will remove the refresh part. There's only one API for cognitive account, keep everything the same is my first choice.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xuzhang3 with respect, you still haven’t answered my question: what’s the API actually doing here? Can you show the HTTP Request/Response of what’s being sent/coming back over the wire, so that we can understand if there’s another issue here?

Copy link
Contributor Author

@xuzhang3 xuzhang3 May 27, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tombuildsstuff the SDK can help handle the request, so I removed the state refresh and replaced by future.Poller.PollUntilDone

2. remove refresh codes
3. add lock for vnet resources
@xuzhang3

This comment was marked as duplicate.

@xuzhang3
Copy link
Contributor Author

@tombuildsstuff all required changes has been updated

Comment on lines 120 to 124
"key_vault_key_id": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: keyVaultValidate.NestedItemIdWithOptionalVersion,
},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xuzhang3 could we add in a mhsm_key_vault_key property like we now have in storage_account resource so we can support them properly?


"identity": commonschema.SystemAssignedUserAssignedIdentityOptional(),

"local_auth_enabled": {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xuzhang3 could wemplease update this as tom asked?

@xuzhang3
Copy link
Contributor Author

xuzhang3 commented Aug 2, 2024

@stephybun updated and all test passed in my local env

@xuzhang3 xuzhang3 closed this Aug 14, 2024
@xuzhang3 xuzhang3 deleted the f/cognitive_aiservice branch August 14, 2024 02:44
@xuzhang3 xuzhang3 restored the f/cognitive_aiservice branch August 14, 2024 02:52
@xuzhang3 xuzhang3 reopened this Aug 14, 2024
Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @xuzhang3. In addition to some of the unresolved comments and new comments left-inline, can you also rename all of the files from azure_ai_services_*.go to ai_services_*.go to reflect the resource name properly?

Once all of the comments are resolved and the file renames done I think this should be good to go.

Comment on lines 326 to 328
Kind: utils.String("AIServices"),
Location: utils.String(azure.NormalizeLocation(model.Location)),
Sku: &cognitiveservicesaccounts.Sku{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hasn't been addressed

return fmt.Errorf("waiting for creating of %s: %+v", id, err)
}

customMangedKey, err := expandAzureAIServicesCustomerManagedKey(model.CustomerManagedKey)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hasn't been addressed

Comment on lines 362 to 372
if customMangedKey != nil {
props.Properties.Encryption = customMangedKey
futureUpdate, err := client.AccountsUpdate(ctx, id, props)
if err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}

if err := futureUpdate.Poller.PollUntilDone(ctx); err != nil {
return fmt.Errorf("waiting for updating of %s: %+v", id, err)
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this take so long for a HSM encryption and not for a regular KV, sounds like an API bug. Can you please:

  1. Raise this with the service team
  2. Leave a comment above this with the explanation that it takes longer with HSM encryption and that the update is more stable.

Comment on lines 550 to 559
future, err := client.AccountsUpdate(ctx, *id, *props)
if err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}

if err := future.Poller.PollUntilDone(ctx); err != nil {
return fmt.Errorf("waiting for updating of %s: %+v", id, err)
}

return nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
future, err := client.AccountsUpdate(ctx, *id, *props)
if err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}
if err := future.Poller.PollUntilDone(ctx); err != nil {
return fmt.Errorf("waiting for updating of %s: %+v", id, err)
}
return nil
if err := client.AccountsUpdateThenPoll(ctx, *id, *props); err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}
return nil

Comment on lines 359 to 366
futureUpdate, err := client.AccountsUpdate(ctx, id, props)
if err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}

if err := futureUpdate.Poller.PollUntilDone(ctx); err != nil {
return fmt.Errorf("waiting for updating of %s: %+v", id, err)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
futureUpdate, err := client.AccountsUpdate(ctx, id, props)
if err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}
if err := futureUpdate.Poller.PollUntilDone(ctx); err != nil {
return fmt.Errorf("waiting for updating of %s: %+v", id, err)
}
if err := client.AccountsUpdate(ctx, id, props); err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you rename this file as well to reflect the resource name please?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, file name has been renamed.

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @xuzhang3 LGTM 👍

@stephybun stephybun merged commit 65334cd into hashicorp:main Aug 15, 2024
35 checks passed
@github-actions github-actions bot added this to the v3.116.0 milestone Aug 15, 2024
stephybun added a commit that referenced this pull request Aug 16, 2024
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants