Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New resources: azurerm_ai_foundry azurerm_ai_foundry_project #27424

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

New resources: azurerm_ai_foundry azurerm_ai_foundry_project #27424

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
2d1ef69
create aiservices service package and move ai services resource into it
stephybun Sep 17, 2024
e3a0fc4
prevent unnecessary patch when creating ai services account when CMK …
stephybun Sep 18, 2024
9ed6a03
add ai services hub resource
stephybun Sep 18, 2024
c02af6e
add ai services project resource
stephybun Sep 18, 2024
e1a2b7f
change category for ai services account documentation
stephybun Sep 18, 2024
bcbeb16
add AI services subcategory
stephybun Sep 18, 2024
361acb1
terrafmt
stephybun Sep 18, 2024
04040db
make generate
stephybun Sep 18, 2024
33d6d86
remove debug comment
stephybun Sep 19, 2024
f2a02d2
rename resources to ai foundry
stephybun Nov 28, 2024
1e2ffb5
make generate
stephybun Nov 28, 2024
399b9e4
update documentation
stephybun Nov 28, 2024
afa745d
fix failing update test for ai services and update requires import er…
stephybun Nov 28, 2024
ee4f9a4
remove image_build_compute_name as this is ML specific and not valid …
stephybun Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/labeler-issue-triage.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,7 @@ service/logic:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_logic_app_((.|\n)*)###'

service/machine-learning:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_machine_learning_((.|\n)*)###'
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(ai_foundry|machine_learning_)((.|\n)*)###'

service/maintenance:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(maintenance_|public_maintenance_configurations)((.|\n)*)###'
Expand Down
116 changes: 65 additions & 51 deletions internal/services/cognitive/ai_services_resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"context"
"fmt"
"log"
"strings"
"time"

"github.com/hashicorp/go-azure-helpers/lang/pointer"
Expand Down Expand Up @@ -34,50 +35,61 @@ import (
"github.com/hashicorp/terraform-provider-azurerm/utils"
)

var _ sdk.ResourceWithUpdate = AzureAIServicesResource{}
var _ sdk.ResourceWithUpdate = AIServices{}

var _ sdk.ResourceWithCustomImporter = AzureAIServicesResource{}
var _ sdk.ResourceWithCustomImporter = AIServices{}

type AzureAIServicesResource struct{}
type AIServices struct{}

func (r AzureAIServicesResource) CustomImporter() sdk.ResourceRunFunc {
func (r AIServices) CustomImporter() sdk.ResourceRunFunc {
return func(ctx context.Context, metadata sdk.ResourceMetaData) error {
_, err := cognitiveservicesaccounts.ParseAccountID(metadata.ResourceData.Id())
id, err := cognitiveservicesaccounts.ParseAccountID(metadata.ResourceData.Id())
if err != nil {
return err
}

client := metadata.Client.Cognitive.AccountsClient
resp, err := client.AccountsGet(ctx, *id)
if err != nil || resp.Model == nil || resp.Model.Kind == nil {
return fmt.Errorf("retrieving %s: %+v", *id, err)
}

if !strings.EqualFold(*resp.Model.Kind, "AIServices") {
return fmt.Errorf("importing %s: specified account is not of kind `AIServices`, got `%s`", id, *resp.Model.Kind)
}

return nil
}
}

type AzureAIServicesVirtualNetworkRules struct {
type VirtualNetworkRules struct {
SubnetID string `tfschema:"subnet_id"`
IgnoreMissingVnetServiceEndpoint bool `tfschema:"ignore_missing_vnet_service_endpoint"`
}

type AzureAIServicesNetworkACLs struct {
DefaultAction string `tfschema:"default_action"`
IpRules []string `tfschema:"ip_rules"`
VirtualNetworkRules []AzureAIServicesVirtualNetworkRules `tfschema:"virtual_network_rules"`
type NetworkACLs struct {
DefaultAction string `tfschema:"default_action"`
IpRules []string `tfschema:"ip_rules"`
VirtualNetworkRules []VirtualNetworkRules `tfschema:"virtual_network_rules"`
}

type AzureAIServicesCustomerManagedKey struct {
type CustomerManagedKey struct {
IdentityClientID string `tfschema:"identity_client_id"`
KeyVaultKeyID string `tfschema:"key_vault_key_id"`
ManagedHsmKeyID string `tfschema:"managed_hsm_key_id"`
}

type AzureAIServicesResourceResourceModel struct {
type AIServicesModel struct {
Name string `tfschema:"name"`
ResourceGroupName string `tfschema:"resource_group_name"`
Location string `tfschema:"location"`
SkuName string `tfschema:"sku_name"`
CustomSubdomainName string `tfschema:"custom_subdomain_name"`
CustomerManagedKey []AzureAIServicesCustomerManagedKey `tfschema:"customer_managed_key"`
CustomerManagedKey []CustomerManagedKey `tfschema:"customer_managed_key"`
Fqdns []string `tfschema:"fqdns"`
Identity []identity.ModelSystemAssignedUserAssigned `tfschema:"identity"`
LocalAuthorizationEnabled bool `tfschema:"local_authentication_enabled"`
NetworkACLs []AzureAIServicesNetworkACLs `tfschema:"network_acls"`
NetworkACLs []NetworkACLs `tfschema:"network_acls"`
OutboundNetworkAccessRestricted bool `tfschema:"outbound_network_access_restricted"`
PublicNetworkAccess string `tfschema:"public_network_access"`
Tags map[string]string `tfschema:"tags"`
Expand All @@ -86,7 +98,7 @@ type AzureAIServicesResourceResourceModel struct {
SecondaryAccessKey string `tfschema:"secondary_access_key"`
}

func (AzureAIServicesResource) Arguments() map[string]*pluginsdk.Schema {
func (AIServices) Arguments() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{
"name": {
Type: pluginsdk.TypeString,
Expand Down Expand Up @@ -250,7 +262,7 @@ func (AzureAIServicesResource) Arguments() map[string]*pluginsdk.Schema {
}
}

func (AzureAIServicesResource) Attributes() map[string]*pluginsdk.Schema {
func (AIServices) Attributes() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{
"endpoint": {
Type: pluginsdk.TypeString,
Expand All @@ -271,19 +283,19 @@ func (AzureAIServicesResource) Attributes() map[string]*pluginsdk.Schema {
}
}

func (AzureAIServicesResource) ModelObject() interface{} {
return &AzureAIServicesResourceResourceModel{}
func (AIServices) ModelObject() interface{} {
return &AIServicesModel{}
}

func (AzureAIServicesResource) ResourceType() string {
func (AIServices) ResourceType() string {
return "azurerm_ai_services"
}

func (AzureAIServicesResource) Create() sdk.ResourceFunc {
func (AIServices) Create() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 180 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
var model AzureAIServicesResourceResourceModel
var model AIServicesModel
if err := metadata.Decode(&model); err != nil {
return err
}
Expand All @@ -303,7 +315,7 @@ func (AzureAIServicesResource) Create() sdk.ResourceFunc {
return tf.ImportAsExistsError("azurerm_ai_services", id.ID())
}

networkACLs, subnetIds := expandAzureAIServicesNetworkACLs(model.NetworkACLs)
networkACLs, subnetIds := expandNetworkACLs(model.NetworkACLs)

// also lock on the Virtual Network ID's since modifications in the networking stack are exclusive
virtualNetworkNames := make([]string, 0)
Expand Down Expand Up @@ -348,15 +360,17 @@ func (AzureAIServicesResource) Create() sdk.ResourceFunc {
}

// creating with KV HSM takes more time than expected, at least hours in most cases and eventually terminated by service
customerManagedKey, err := expandAzureAIServicesCustomerManagedKey(model.CustomerManagedKey)
if err != nil {
return fmt.Errorf("expanding `customer_managed_key`: %+v", err)
}
if len(model.CustomerManagedKey) > 0 {
customerManagedKey, err := expandCustomerManagedKey(model.CustomerManagedKey)
if err != nil {
return fmt.Errorf("expanding `customer_managed_key`: %+v", err)
}

if customerManagedKey != nil {
props.Properties.Encryption = customerManagedKey
if err := client.AccountsUpdateThenPoll(ctx, id, props); err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
if customerManagedKey != nil {
props.Properties.Encryption = customerManagedKey
if err := client.AccountsUpdateThenPoll(ctx, id, props); err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}
}
}

Expand All @@ -367,14 +381,14 @@ func (AzureAIServicesResource) Create() sdk.ResourceFunc {
}
}

func (AzureAIServicesResource) Read() sdk.ResourceFunc {
func (AIServices) Read() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 5 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
client := metadata.Client.Cognitive.AccountsClient
env := metadata.Client.Account.Environment

state := AzureAIServicesResourceResourceModel{}
state := AIServicesModel{}
id, err := cognitiveservicesaccounts.ParseAccountID(metadata.ResourceData.Id())
if err != nil {
return err
Expand Down Expand Up @@ -406,7 +420,7 @@ func (AzureAIServicesResource) Read() sdk.ResourceFunc {
if props := model.Properties; props != nil {
state.Endpoint = pointer.From(props.Endpoint)
state.CustomSubdomainName = pointer.From(props.CustomSubDomainName)
state.NetworkACLs = flattenAzureAIServicesNetworkACLs(props.NetworkAcls)
state.NetworkACLs = flattenNetworkACLs(props.NetworkAcls)
state.Fqdns = pointer.From(props.AllowedFqdnList)

state.PublicNetworkAccess = string(pointer.From(props.PublicNetworkAccess))
Expand All @@ -430,7 +444,7 @@ func (AzureAIServicesResource) Read() sdk.ResourceFunc {
}
state.LocalAuthorizationEnabled = localAuthEnabled

customerManagedKey, err := flattenAzureAIServicesCustomerManagedKey(props.Encryption, env)
customerManagedKey, err := flattenCustomerManagedKey(props.Encryption, env)
if err != nil {
return fmt.Errorf("flattening `customer_managed_key`: %+v", err)
}
Expand All @@ -445,13 +459,13 @@ func (AzureAIServicesResource) Read() sdk.ResourceFunc {
}
}

func (AzureAIServicesResource) Update() sdk.ResourceFunc {
func (AIServices) Update() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 180 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
client := metadata.Client.Cognitive.AccountsClient

var model AzureAIServicesResourceResourceModel
var model AIServicesModel

if err := metadata.Decode(&model); err != nil {
return err
Expand All @@ -472,7 +486,7 @@ func (AzureAIServicesResource) Update() sdk.ResourceFunc {

props := resp.Model
if metadata.ResourceData.HasChange("network_acls") {
networkACLs, subnetIds := expandAzureAIServicesNetworkACLs(model.NetworkACLs)
networkACLs, subnetIds := expandNetworkACLs(model.NetworkACLs)
locks.MultipleByName(&subnetIds, network.VirtualNetworkResourceName)
defer locks.UnlockMultipleByName(&subnetIds, network.VirtualNetworkResourceName)

Expand Down Expand Up @@ -525,7 +539,7 @@ func (AzureAIServicesResource) Update() sdk.ResourceFunc {
}

if metadata.ResourceData.HasChange("customer_managed_key") {
customerManagedKey, err := expandAzureAIServicesCustomerManagedKey(model.CustomerManagedKey)
customerManagedKey, err := expandCustomerManagedKey(model.CustomerManagedKey)
if err != nil {
return fmt.Errorf("expanding `customer_managed_key`: %+v", err)
}
Expand All @@ -552,7 +566,7 @@ func (AzureAIServicesResource) Update() sdk.ResourceFunc {
}
}

func (AzureAIServicesResource) Delete() sdk.ResourceFunc {
func (AIServices) Delete() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 180 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
Expand Down Expand Up @@ -592,11 +606,11 @@ func (AzureAIServicesResource) Delete() sdk.ResourceFunc {
}
}

func (AzureAIServicesResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
func (AIServices) IDValidationFunc() pluginsdk.SchemaValidateFunc {
return cognitiveservicesaccounts.ValidateAccountID
}

func expandAzureAIServicesCustomerManagedKey(input []AzureAIServicesCustomerManagedKey) (*cognitiveservicesaccounts.Encryption, error) {
func expandCustomerManagedKey(input []CustomerManagedKey) (*cognitiveservicesaccounts.Encryption, error) {
if len(input) == 0 {
return &cognitiveservicesaccounts.Encryption{
KeySource: pointer.To(cognitiveservicesaccounts.KeySourceMicrosoftPointCognitiveServices),
Expand Down Expand Up @@ -638,15 +652,15 @@ func expandAzureAIServicesCustomerManagedKey(input []AzureAIServicesCustomerMana
return encryption, nil
}

func flattenAzureAIServicesCustomerManagedKey(input *cognitiveservicesaccounts.Encryption, env environments.Environment) ([]AzureAIServicesCustomerManagedKey, error) {
func flattenCustomerManagedKey(input *cognitiveservicesaccounts.Encryption, env environments.Environment) ([]CustomerManagedKey, error) {
if input == nil || *input.KeySource == cognitiveservicesaccounts.KeySourceMicrosoftPointCognitiveServices {
return []AzureAIServicesCustomerManagedKey{}, nil
return []CustomerManagedKey{}, nil
}

keyName := ""
keyVaultURI := ""
keyVersion := ""
customerManagerKey := AzureAIServicesCustomerManagedKey{}
customerManagerKey := CustomerManagedKey{}

if props := input.KeyVaultProperties; props != nil {
if props.KeyName != nil {
Expand Down Expand Up @@ -690,10 +704,10 @@ func flattenAzureAIServicesCustomerManagedKey(input *cognitiveservicesaccounts.E
}
}

return []AzureAIServicesCustomerManagedKey{customerManagerKey}, nil
return []CustomerManagedKey{customerManagerKey}, nil
}

func expandAzureAIServicesNetworkACLs(input []AzureAIServicesNetworkACLs) (*cognitiveservicesaccounts.NetworkRuleSet, []string) {
func expandNetworkACLs(input []NetworkACLs) (*cognitiveservicesaccounts.NetworkRuleSet, []string) {
subnetIds := make([]string, 0)
if len(input) == 0 {
return nil, subnetIds
Expand Down Expand Up @@ -731,9 +745,9 @@ func expandAzureAIServicesNetworkACLs(input []AzureAIServicesNetworkACLs) (*cogn
return &ruleSet, subnetIds
}

func flattenAzureAIServicesNetworkACLs(input *cognitiveservicesaccounts.NetworkRuleSet) []AzureAIServicesNetworkACLs {
func flattenNetworkACLs(input *cognitiveservicesaccounts.NetworkRuleSet) []NetworkACLs {
if input == nil {
return []AzureAIServicesNetworkACLs{}
return []NetworkACLs{}
}

ipRules := make([]string, 0)
Expand All @@ -743,7 +757,7 @@ func flattenAzureAIServicesNetworkACLs(input *cognitiveservicesaccounts.NetworkR
}
}

virtualNetworkRules := make([]AzureAIServicesVirtualNetworkRules, 0)
virtualNetworkRules := make([]VirtualNetworkRules, 0)
if input.VirtualNetworkRules != nil {
for _, v := range *input.VirtualNetworkRules {
id := v.Id
Expand All @@ -752,14 +766,14 @@ func flattenAzureAIServicesNetworkACLs(input *cognitiveservicesaccounts.NetworkR
id = subnetId.ID()
}

virtualNetworkRules = append(virtualNetworkRules, AzureAIServicesVirtualNetworkRules{
virtualNetworkRules = append(virtualNetworkRules, VirtualNetworkRules{
SubnetID: id,
IgnoreMissingVnetServiceEndpoint: pointer.From(v.IgnoreMissingVnetServiceEndpoint),
})
}
}

return []AzureAIServicesNetworkACLs{{
return []NetworkACLs{{
DefaultAction: string(*input.DefaultAction),
IpRules: ipRules,
VirtualNetworkRules: virtualNetworkRules,
Expand Down
Loading
Loading