Missing managed_network field in the AzureML workspace resource

fschlz commented 4 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.2

AzureRM Provider Version

3.100.0

Affected Resource(s)/Data Source(s)

azurerm_machine_learning_workspace

Terraform Configuration Files

resource "azurerm_machine_learning_workspace" "main" {
  name                    = "${var.prefix}-aml-main"
  location                = var.location
  resource_group_name     = var.resource_group_name
  tags                    = var.azure_tags
  application_insights_id = azurerm_application_insights.fforesight.id
  key_vault_id            = var.key_vault_id
  storage_account_id      = azurerm_storage_account.aml.id
  container_registry_id   = var.container_registry_id

  public_network_access_enabled = true

  identity {
    type = "SystemAssigned"
  }
}

Debug Output/Panic Output

I'm getting the following error:

│ Warning: Failed to decode resource from state
│ 
│ Error decoding "module.aml.azurerm_machine_learning_workspace.main" from prior state: unsupported attribute "managed_network"

I haven't set `managed_network`, and in the docs it is flagged as optional.
Also, this resource has existed for a while now, and previous runs today were successful.
We changed nothing regarding the AML resources, but randomly got the this error.

Expected Behaviour

managed_network is optional, so it should not be necessary to set. Although, it is currently not possible to set it because when I do TF complains that it's not expected. (see screenshot)

Actual Behaviour

Provisioning fails, and TF complains that managed_network is unsupported.

Steps to Reproduce

terraform plan

Important Factoids

No response

References

No response

sinbai commented 4 months ago

Hi @fschlz thanks for opening this issue. However, I am not able to reproduce the issue using AzureRM Provider Version 3.99.0 and the TF config below. Could you please provide a minimal reproducible TF config and repro steps to help reproduce/troubleshoot?


terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.99.0"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "test" {
  name     = "testRG-ml-25733-0425"
  location = "eastus2"
}

resource "azurerm_application_insights" "test" {
  name                = "testai-25733-0425"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  application_type    = "web"
}

resource "azurerm_key_vault" "test" {
  name                = "testvault257330425"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  tenant_id           = data.azurerm_client_config.current.tenant_id

  sku_name = "standard"

  purge_protection_enabled = true
}

resource "azurerm_key_vault_access_policy" "test" {
  key_vault_id = azurerm_key_vault.test.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = data.azurerm_client_config.current.object_id

  key_permissions = [
    "Create",
    "Get",
    "Delete",
    "Purge",
    "GetRotationPolicy",
  ]
}

resource "azurerm_storage_account" "test" {
  name                     = "testsa257330425"
  location                 = azurerm_resource_group.test.location
  resource_group_name      = azurerm_resource_group.test.name
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_container_registry" "test" {
  name                = "testacr257330425"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location
  sku                 = "Premium"
  admin_enabled       = true
}

resource "azurerm_machine_learning_workspace" "test" {
  name                    = "test-MLW-25733-0425"
  location                = azurerm_resource_group.test.location
  resource_group_name     = azurerm_resource_group.test.name
  application_insights_id = azurerm_application_insights.test.id
  key_vault_id            = azurerm_key_vault.test.id
  storage_account_id      = azurerm_storage_account.test.id
  container_registry_id   = azurerm_container_registry.test.id
  public_network_access_enabled = true
  identity {
    type = "SystemAssigned"
  }
}

Actual:

skslalom commented 4 months ago

Hi there.

I cannot find any way to set the outbound rules if managed_network is enabled with Allow Only Approved Outbound. How can the outbound rules be set?

Thank you!

rcskosir commented 2 days ago

Thanks for taking the time to submit this issue. @sinbai was unable to reproduce this behavior. We’re going to close this issue for now, but if you run into this again with the latest Terraform and Provider versions, please feel free to open a new issue.

@skslalom We ask that broader questions are raised using one of the Community Resources, such as the Azure Provider forum.

hashicorp / terraform-provider-azurerm