Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing managed_network field in the AzureML workspace resource #25733

Open
1 task done
fschlz opened this issue Apr 24, 2024 · 2 comments
Open
1 task done

Missing managed_network field in the AzureML workspace resource #25733

fschlz opened this issue Apr 24, 2024 · 2 comments
Labels
documentation service/machine-learning v/3.x waiting-response

Comments

@fschlz
Copy link

fschlz commented Apr 24, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.2

AzureRM Provider Version

3.100.0

Affected Resource(s)/Data Source(s)

azurerm_machine_learning_workspace

Terraform Configuration Files

resource "azurerm_machine_learning_workspace" "main" {
  name                    = "${var.prefix}-aml-main"
  location                = var.location
  resource_group_name     = var.resource_group_name
  tags                    = var.azure_tags
  application_insights_id = azurerm_application_insights.fforesight.id
  key_vault_id            = var.key_vault_id
  storage_account_id      = azurerm_storage_account.aml.id
  container_registry_id   = var.container_registry_id

  public_network_access_enabled = true

  identity {
    type = "SystemAssigned"
  }
}

Debug Output/Panic Output

I'm getting the following error:


│ Warning: Failed to decode resource from state

│ Error decoding "module.aml.azurerm_machine_learning_workspace.main" from prior state: unsupported attribute "managed_network"


I haven't set `managed_network`, and in the docs it is flagged as optional.
Also, this resource has existed for a while now, and previous runs today were successful.
We changed nothing regarding the AML resources, but randomly got the this error.

Expected Behaviour

managed_network is optional, so it should not be necessary to set.
Although, it is currently not possible to set it because when I do TF complains that it's not expected. (see screenshot)

image

Actual Behaviour

Provisioning fails, and TF complains that managed_network is unsupported.

Steps to Reproduce

terraform plan

Important Factoids

No response

References

No response
@sinbai
Copy link
Contributor

sinbai commented Apr 25, 2024

Hi @fschlz thanks for opening this issue. However, I am not able to reproduce the issue using AzureRM Provider Version 3.99.0 and the TF config below. Could you please provide a minimal reproducible TF config and repro steps to help reproduce/troubleshoot?


terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.99.0"
    }
  }
}

provider "azurerm" {
  features {}
}


data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "test" {
  name     = "testRG-ml-25733-0425"
  location = "eastus2"
}

resource "azurerm_application_insights" "test" {
  name                = "testai-25733-0425"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  application_type    = "web"
}

resource "azurerm_key_vault" "test" {
  name                = "testvault257330425"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  tenant_id           = data.azurerm_client_config.current.tenant_id

  sku_name = "standard"

  purge_protection_enabled = true
}

resource "azurerm_key_vault_access_policy" "test" {
  key_vault_id = azurerm_key_vault.test.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = data.azurerm_client_config.current.object_id

  key_permissions = [
    "Create",
    "Get",
    "Delete",
    "Purge",
    "GetRotationPolicy",
  ]
}

resource "azurerm_storage_account" "test" {
  name                     = "testsa257330425"
  location                 = azurerm_resource_group.test.location
  resource_group_name      = azurerm_resource_group.test.name
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_container_registry" "test" {
  name                = "testacr257330425"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location
  sku                 = "Premium"
  admin_enabled       = true
}

resource "azurerm_machine_learning_workspace" "test" {
  name                    = "test-MLW-25733-0425"
  location                = azurerm_resource_group.test.location
  resource_group_name     = azurerm_resource_group.test.name
  application_insights_id = azurerm_application_insights.test.id
  key_vault_id            = azurerm_key_vault.test.id
  storage_account_id      = azurerm_storage_account.test.id
  container_registry_id   = azurerm_container_registry.test.id
  public_network_access_enabled = true
  identity {
    type = "SystemAssigned"
  }
}

Actual:
image

@skslalom
Copy link

Hi there.

I cannot find any way to set the outbound rules if managed_network is enabled with Allow Only Approved Outbound. How can the outbound rules be set?

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation service/machine-learning v/3.x waiting-response
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fschlz @sinbai @rcskosir @skslalom