diff --git a/.changelog/34265.txt b/.changelog/34265.txt new file mode 100644 index 00000000000..52223e944e9 --- /dev/null +++ b/.changelog/34265.txt @@ -0,0 +1,19 @@ +```release-note:enhancement +resource/aws_sagemaker_domain: Add `default_user_settings.canvas_app_settings.direct_deploy_settings`, `default_user_settings.canvas_app_settings.identity_provider_oauth_settings` and `default_user_settings.canvas_app_settings.kendra_settings` arguments +``` + +```release-note:enhancement +resource/aws_sagemaker_user_profile: Add `default_user_settings.canvas_app_settings.direct_deploy_settings`, `default_user_settings.canvas_app_settings.identity_provider_oauth_settings` and `default_user_settings.canvas_app_settings.kendra_settings` arguments +``` + +```release-note:enhancement +resource/aws_sagemaker_domain: Change `default_space_settings.kernel_gateway_app_settings.custom_image`, `default_user_settings.kernel_gateway_app_settings.custom_image` and `default_user_settings.r_session_app_settings.custom_image` `MaxItems` from `30` to `200` +``` + +```release-note:enhancement +resource/aws_sagemaker_space: Change `space_settings.kernel_gateway_app_settings.custom_image` `MaxItems` from `30` to `200` +``` + +```release-note:bug +resource/aws_sagemaker_domain: Fix updating `default_space_settings.r_studio_server_pro_app_settings.access_status` from `ENABLED` to `DISABLED` +``` \ No newline at end of file diff --git a/internal/service/sagemaker/domain.go b/internal/service/sagemaker/domain.go index d0f780cdfc2..36eec699d65 100644 --- a/internal/service/sagemaker/domain.go +++ b/internal/service/sagemaker/domain.go @@ -178,7 +178,7 @@ func ResourceDomain() *schema.Resource { "custom_image": { Type: schema.TypeList, Optional: true, - MaxItems: 30, + MaxItems: 200, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "app_image_config_name": { @@ -225,6 +225,58 @@ func ResourceDomain() *schema.Resource { MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "direct_deploy_settings": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "status": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.FeatureStatus_Values(), false), + }, + }, + }, + }, + "identity_provider_oauth_settings": { + Type: schema.TypeList, + Optional: true, + MaxItems: 20, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "data_source_name": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.DataSourceName_Values(), false), + }, + "secret_arn": { + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidARN, + }, + "status": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.FeatureStatus_Values(), false), + }, + }, + }, + }, + "kendra_settings": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "status": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.FeatureStatus_Values(), false), + }, + }, + }, + }, "model_register_settings": { Type: schema.TypeList, Optional: true, @@ -393,7 +445,7 @@ func ResourceDomain() *schema.Resource { "custom_image": { Type: schema.TypeList, Optional: true, - MaxItems: 30, + MaxItems: 200, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "app_image_config_name": { @@ -478,7 +530,7 @@ func ResourceDomain() *schema.Resource { "custom_image": { Type: schema.TypeList, Optional: true, - MaxItems: 30, + MaxItems: 200, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "app_image_config_name": { @@ -1003,10 +1055,12 @@ func expandRStudioServerProAppSettings(l []interface{}) *sagemaker.RStudioServer if v, ok := m["access_status"].(string); ok && v != "" { config.AccessStatus = aws.String(v) - } - if v, ok := m["user_group"].(string); ok && v != "" { - config.UserGroup = aws.String(v) + if v == sagemaker.RStudioServerProAccessStatusEnabled { + if g, ok := m["user_group"].(string); ok && g != "" { + config.UserGroup = aws.String(g) + } + } } return config @@ -1154,6 +1208,9 @@ func expandCanvasAppSettings(l []interface{}) *sagemaker.CanvasAppSettings { m := l[0].(map[string]interface{}) config := &sagemaker.CanvasAppSettings{ + IdentityProviderOAuthSettings: expandIdentityProviderOAuthSettings(m["identity_provider_oauth_settings"].([]interface{})), + DirectDeploySettings: expandDirectDeploySettings(m["direct_deploy_settings"].([]interface{})), + KendraSettings: expandKendraSettings(m["kendra_settings"].([]interface{})), ModelRegisterSettings: expandModelRegisterSettings(m["model_register_settings"].([]interface{})), TimeSeriesForecastingSettings: expandTimeSeriesForecastingSettings(m["time_series_forecasting_settings"].([]interface{})), WorkspaceSettings: expandWorkspaceSettings(m["workspace_settings"].([]interface{})), @@ -1162,6 +1219,64 @@ func expandCanvasAppSettings(l []interface{}) *sagemaker.CanvasAppSettings { return config } +func expandKendraSettings(l []interface{}) *sagemaker.KendraSettings { + if len(l) == 0 || l[0] == nil { + return nil + } + + m := l[0].(map[string]interface{}) + + config := &sagemaker.KendraSettings{} + + if v, ok := m["status"].(string); ok && v != "" { + config.Status = aws.String(v) + } + + return config +} + +func expandDirectDeploySettings(l []interface{}) *sagemaker.DirectDeploySettings { + if len(l) == 0 || l[0] == nil { + return nil + } + + m := l[0].(map[string]interface{}) + + config := &sagemaker.DirectDeploySettings{} + + if v, ok := m["status"].(string); ok && v != "" { + config.Status = aws.String(v) + } + + return config +} + +func expandIdentityProviderOAuthSettings(l []interface{}) []*sagemaker.IdentityProviderOAuthSetting { + providers := make([]*sagemaker.IdentityProviderOAuthSetting, 0, len(l)) + + for _, eRaw := range l { + data := eRaw.(map[string]interface{}) + + provider := &sagemaker.IdentityProviderOAuthSetting{} + + if v, ok := data["data_source_name"].(string); ok && v != "" { + provider.DataSourceName = aws.String(v) + } + + if v, ok := data["secret_arn"].(string); ok && v != "" { + provider.SecretArn = aws.String(v) + } + + if v, ok := data["status"].(string); ok && v != "" { + provider.Status = aws.String(v) + } + + providers = append(providers, provider) + } + + return providers +} + func expandModelRegisterSettings(l []interface{}) *sagemaker.ModelRegisterSettings { if len(l) == 0 || l[0] == nil { return nil @@ -1435,6 +1550,9 @@ func flattenCanvasAppSettings(config *sagemaker.CanvasAppSettings) []map[string] } m := map[string]interface{}{ + "direct_deploy_settings": flattenDirectDeploySettings(config.DirectDeploySettings), + "identity_provider_oauth_settings": flattenIdentityProviderOAuthSettings(config.IdentityProviderOAuthSettings), + "kendra_settings": flattenKendraSettings(config.KendraSettings), "time_series_forecasting_settings": flattenTimeSeriesForecastingSettings(config.TimeSeriesForecastingSettings), "model_register_settings": flattenModelRegisterSettings(config.ModelRegisterSettings), "workspace_settings": flattenWorkspaceSettings(config.WorkspaceSettings), @@ -1443,6 +1561,54 @@ func flattenCanvasAppSettings(config *sagemaker.CanvasAppSettings) []map[string] return []map[string]interface{}{m} } +func flattenDirectDeploySettings(config *sagemaker.DirectDeploySettings) []map[string]interface{} { + if config == nil { + return []map[string]interface{}{} + } + + m := map[string]interface{}{ + "status": aws.StringValue(config.Status), + } + + return []map[string]interface{}{m} +} + +func flattenKendraSettings(config *sagemaker.KendraSettings) []map[string]interface{} { + if config == nil { + return []map[string]interface{}{} + } + + m := map[string]interface{}{ + "status": aws.StringValue(config.Status), + } + + return []map[string]interface{}{m} +} + +func flattenIdentityProviderOAuthSettings(config []*sagemaker.IdentityProviderOAuthSetting) []map[string]interface{} { + providers := make([]map[string]interface{}, 0, len(config)) + + for _, raw := range config { + provider := make(map[string]interface{}) + + if raw.DataSourceName != nil { + provider["data_source_name"] = aws.StringValue(raw.DataSourceName) + } + + if raw.SecretArn != nil { + provider["secret_arn"] = aws.StringValue(raw.SecretArn) + } + + if raw.Status != nil { + provider["status"] = aws.StringValue(raw.Status) + } + + providers = append(providers, provider) + } + + return providers +} + func flattenModelRegisterSettings(config *sagemaker.ModelRegisterSettings) []map[string]interface{} { if config == nil { return []map[string]interface{}{} diff --git a/internal/service/sagemaker/domain_test.go b/internal/service/sagemaker/domain_test.go index 53dcf4f7a0f..307e80ea7fb 100644 --- a/internal/service/sagemaker/domain_test.go +++ b/internal/service/sagemaker/domain_test.go @@ -311,6 +311,103 @@ func testAccDomain_modelRegisterSettings(t *testing.T) { }) } +func testAccDomain_kendraSettings(t *testing.T) { + ctx := acctest.Context(t) + var domain sagemaker.DescribeDomainOutput + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_sagemaker_domain.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, sagemaker.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckDomainDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccDomainConfig_kendraSettings(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckDomainExists(ctx, resourceName, &domain), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.0.kendra_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.0.kendra_settings.0.status", "DISABLED"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"retention_policy"}, + }, + }, + }) +} + +func testAccDomain_directDeploySettings(t *testing.T) { + ctx := acctest.Context(t) + var domain sagemaker.DescribeDomainOutput + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_sagemaker_domain.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, sagemaker.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckDomainDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccDomainConfig_directDeploySettings(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckDomainExists(ctx, resourceName, &domain), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.0.direct_deploy_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.0.direct_deploy_settings.0.status", "DISABLED"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"retention_policy"}, + }, + }, + }) +} + +func testAccDomain_identityProviderOAuthSettings(t *testing.T) { + ctx := acctest.Context(t) + var domain sagemaker.DescribeDomainOutput + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_sagemaker_domain.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, sagemaker.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckDomainDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccDomainConfig_identityProviderOAuthSettings(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckDomainExists(ctx, resourceName, &domain), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.0.identity_provider_oauth_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.0.identity_provider_oauth_settings.0.status", "DISABLED"), + resource.TestCheckResourceAttrPair(resourceName, "default_user_settings.0.canvas_app_settings.0.identity_provider_oauth_settings.0.secret_arn", "aws_secretsmanager_secret.test", "arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"retention_policy"}, + }, + }, + }) +} + func testAccDomain_workspaceSettings(t *testing.T) { ctx := acctest.Context(t) var domain sagemaker.DescribeDomainOutput @@ -453,7 +550,7 @@ func testAccDomain_rStudioServerProAppSettings(t *testing.T) { CheckDestroy: testAccCheckDomainDestroy(ctx), Steps: []resource.TestStep{ { - Config: testAccDomainConfig_rStudioServerProAppSettings(rName), + Config: testAccDomainConfig_rStudioServerProAppSettings(rName, "ENABLED"), Check: resource.ComposeTestCheckFunc( testAccCheckDomainExists(ctx, resourceName, &domain), resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), @@ -468,6 +565,26 @@ func testAccDomain_rStudioServerProAppSettings(t *testing.T) { ImportStateVerify: true, ImportStateVerifyIgnore: []string{"retention_policy"}, }, + { + Config: testAccDomainConfig_rStudioServerProAppSettings(rName, "DISABLED"), + Check: resource.ComposeTestCheckFunc( + testAccCheckDomainExists(ctx, resourceName, &domain), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.r_studio_server_pro_app_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.r_studio_server_pro_app_settings.0.access_status", "DISABLED"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.r_studio_server_pro_app_settings.0.user_group", "R_STUDIO_ADMIN"), + ), + }, + { + Config: testAccDomainConfig_rStudioServerProAppSettings(rName, "ENABLED"), + Check: resource.ComposeTestCheckFunc( + testAccCheckDomainExists(ctx, resourceName, &domain), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.r_studio_server_pro_app_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.r_studio_server_pro_app_settings.0.access_status", "ENABLED"), + resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.r_studio_server_pro_app_settings.0.user_group", "R_STUDIO_ADMIN"), + ), + }, }, }) } @@ -1160,6 +1277,93 @@ resource "aws_sagemaker_domain" "test" { `, rName)) } +func testAccDomainConfig_kendraSettings(rName string) string { + return acctest.ConfigCompose(testAccDomainConfig_base(rName), fmt.Sprintf(` +resource "aws_sagemaker_domain" "test" { + domain_name = %[1]q + auth_mode = "IAM" + vpc_id = aws_vpc.test.id + subnet_ids = aws_subnet.test[*].id + + default_user_settings { + execution_role = aws_iam_role.test.arn + + canvas_app_settings { + kendra_settings { + status = "DISABLED" + } + } + } + + retention_policy { + home_efs_file_system = "Delete" + } +} +`, rName)) +} + +func testAccDomainConfig_directDeploySettings(rName string) string { + return acctest.ConfigCompose(testAccDomainConfig_base(rName), fmt.Sprintf(` +resource "aws_sagemaker_domain" "test" { + domain_name = %[1]q + auth_mode = "IAM" + vpc_id = aws_vpc.test.id + subnet_ids = aws_subnet.test[*].id + + default_user_settings { + execution_role = aws_iam_role.test.arn + + canvas_app_settings { + direct_deploy_settings { + status = "DISABLED" + } + } + } + + retention_policy { + home_efs_file_system = "Delete" + } +} +`, rName)) +} + +func testAccDomainConfig_identityProviderOAuthSettings(rName string) string { + return acctest.ConfigCompose(testAccDomainConfig_base(rName), fmt.Sprintf(` +resource "aws_secretsmanager_secret" "test" { + name = %[1]q +} + +resource "aws_secretsmanager_secret_version" "test" { + secret_id = aws_secretsmanager_secret.test.id + secret_string = jsonencode({ username = "example", password = "example" }) +} + +resource "aws_sagemaker_domain" "test" { + domain_name = %[1]q + auth_mode = "IAM" + vpc_id = aws_vpc.test.id + subnet_ids = aws_subnet.test[*].id + + default_user_settings { + execution_role = aws_iam_role.test.arn + + canvas_app_settings { + identity_provider_oauth_settings { + secret_arn = aws_secretsmanager_secret.test.arn + status = "DISABLED" + } + } + } + + retention_policy { + home_efs_file_system = "Delete" + } + + depends_on = [aws_secretsmanager_secret_version.test] +} +`, rName)) +} + func testAccDomainConfig_workspaceSettings(rName string) string { return acctest.ConfigCompose(testAccDomainConfig_base(rName), fmt.Sprintf(` resource "aws_s3_bucket" "test" { @@ -1325,7 +1529,7 @@ resource "aws_sagemaker_domain" "test" { `, rName)) } -func testAccDomainConfig_rStudioServerProAppSettings(rName string) string { +func testAccDomainConfig_rStudioServerProAppSettings(rName, state string) string { return acctest.ConfigCompose(testAccDomainConfig_base(rName), fmt.Sprintf(` resource "aws_sagemaker_domain" "test" { domain_name = %[1]q @@ -1337,7 +1541,7 @@ resource "aws_sagemaker_domain" "test" { execution_role = aws_iam_role.test.arn r_studio_server_pro_app_settings { - access_status = "ENABLED" + access_status = %[2]q user_group = "R_STUDIO_ADMIN" } } @@ -1346,7 +1550,7 @@ resource "aws_sagemaker_domain" "test" { home_efs_file_system = "Delete" } } -`, rName)) +`, rName, state)) } func testAccDomainConfig_kernelGatewayAppSettings(rName string) string { diff --git a/internal/service/sagemaker/sagemaker_test.go b/internal/service/sagemaker/sagemaker_test.go index 1a9d775a9a4..7291b919d7c 100644 --- a/internal/service/sagemaker/sagemaker_test.go +++ b/internal/service/sagemaker/sagemaker_test.go @@ -54,6 +54,9 @@ func TestAccSageMaker_serial(t *testing.T) { "defaultUserSettingsUpdated": testAccDomain_defaultUserSettingsUpdated, "canvas": testAccDomain_canvasAppSettings, "modelRegisterSettings": testAccDomain_modelRegisterSettings, + "identityProviderOauthSettings": testAccDomain_identityProviderOAuthSettings, + "directDeploySettings": testAccDomain_directDeploySettings, + "kendraSettings": testAccDomain_kendraSettings, "workspaceSettings": testAccDomain_workspaceSettings, "domainSettings": testAccDomain_domainSettings, "rSessionAppSettings": testAccDomain_rSessionAppSettings, diff --git a/internal/service/sagemaker/space.go b/internal/service/sagemaker/space.go index 0e92f559e75..8f54ee3c7a8 100644 --- a/internal/service/sagemaker/space.go +++ b/internal/service/sagemaker/space.go @@ -167,7 +167,7 @@ func ResourceSpace() *schema.Resource { "custom_image": { Type: schema.TypeList, Optional: true, - MaxItems: 30, + MaxItems: 200, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "app_image_config_name": { diff --git a/internal/service/sagemaker/user_profile.go b/internal/service/sagemaker/user_profile.go index efe72024ffb..c8298ecb36c 100644 --- a/internal/service/sagemaker/user_profile.go +++ b/internal/service/sagemaker/user_profile.go @@ -78,6 +78,58 @@ func ResourceUserProfile() *schema.Resource { MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "direct_deploy_settings": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "status": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.FeatureStatus_Values(), false), + }, + }, + }, + }, + "identity_provider_oauth_settings": { + Type: schema.TypeSet, + Optional: true, + MaxItems: 20, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "data_source_name": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.DataSourceName_Values(), false), + }, + "secret_arn": { + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidARN, + }, + "status": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.FeatureStatus_Values(), false), + }, + }, + }, + }, + "kendra_settings": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "status": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(sagemaker.FeatureStatus_Values(), false), + }, + }, + }, + }, "model_register_settings": { Type: schema.TypeList, Optional: true, @@ -251,7 +303,7 @@ func ResourceUserProfile() *schema.Resource { "custom_image": { Type: schema.TypeList, Optional: true, - MaxItems: 30, + MaxItems: 200, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "app_image_config_name": { @@ -330,7 +382,7 @@ func ResourceUserProfile() *schema.Resource { "custom_image": { Type: schema.TypeList, Optional: true, - MaxItems: 30, + MaxItems: 200, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "app_image_config_name": { diff --git a/website/docs/r/sagemaker_domain.html.markdown b/website/docs/r/sagemaker_domain.html.markdown index a9745b1cf12..7ec214d9bb9 100644 --- a/website/docs/r/sagemaker_domain.html.markdown +++ b/website/docs/r/sagemaker_domain.html.markdown @@ -132,10 +132,27 @@ The following arguments are optional: #### canvas_app_settings +* `direct_deploy_settings` - (Optional)The model deployment settings for the SageMaker Canvas application. See [Direct Deploy Settings](#direct_deploy_settings) below. +* `kendra_settings` - (Optional) The settings for document querying. See [Kendra Settings](#kendra_settings) below. +* `identity_provider_oauth_settings` - (Optional) The settings for connecting to an external data source with OAuth. See [Identity Provider OAuth Settings](#identity_provider_oauth_settings) below. * `model_register_settings` - (Optional) The model registry settings for the SageMaker Canvas application. See [Model Register Settings](#model_register_settings) below. * `time_series_forecasting_settings` - (Optional) Time series forecast settings for the Canvas app. See [Time Series Forecasting Settings](#time_series_forecasting_settings) below. * `workspace_settings` - (Optional) The workspace settings for the SageMaker Canvas application. See [Workspace Settings](#workspace_settings) below. +##### identity_provider_oauth_settings + +* `data_source_name` - (Optional)The name of the data source that you're connecting to. Canvas currently supports OAuth for Snowflake and Salesforce Data Cloud. Valid values are `SalesforceGenie` and `Snowflake`. +* `secret_arn` - (Optional) The ARN of an Amazon Web Services Secrets Manager secret that stores the credentials from your identity provider, such as the client ID and secret, authorization URL, and token URL. +* `status` - (Optional) Describes whether OAuth for a data source is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. + +##### direct_deploy_settings + +* `status` - (Optional)Describes whether model deployment permissions are enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. + +##### kendra_settings + +* `status` - (Optional) Describes whether the document querying feature is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. + ##### model_register_settings * `cross_account_model_register_role_arn` - (Optional) The Amazon Resource Name (ARN) of the SageMaker model registry account. Required only to register model versions created by a different SageMaker Canvas AWS account than the AWS account in which SageMaker model registry is set up. diff --git a/website/docs/r/sagemaker_user_profile.html.markdown b/website/docs/r/sagemaker_user_profile.html.markdown index 2e088477696..acc2601bc19 100644 --- a/website/docs/r/sagemaker_user_profile.html.markdown +++ b/website/docs/r/sagemaker_user_profile.html.markdown @@ -46,6 +46,9 @@ This resource supports the following arguments: #### Canvas App Settings +* `direct_deploy_settings` - (Optional)The model deployment settings for the SageMaker Canvas application. See [Direct Deploy Settings](#direct-deploy-settings) below. +* `kendra_settings` - (Optional) The settings for document querying. See [Kendra Settings](#kendra-settings) below. +* `identity_provider_oauth_settings` - (Optional) The settings for connecting to an external data source with OAuth. See [Identity Provider OAuth Settings](#identity-provider-oauth-settings) below. * `model_register_settings` - (Optional) The model registry settings for the SageMaker Canvas application. See [Model Register Settings](#model-register-settings) below. * `time_series_forecasting_settings` - (Optional) Time series forecast settings for the Canvas app. see [Time Series Forecasting Settings](#time-series-forecasting-settings) below. * `workspace_settings` - (Optional) The workspace settings for the SageMaker Canvas application. See [Workspace Settings](#workspace-settings) below. @@ -99,6 +102,20 @@ This resource supports the following arguments: * `image_name` - (Required) The name of the Custom Image. * `image_version_number` - (Optional) The version number of the Custom Image. +##### Identity Provider OAuth Settings + +* `data_source_name` - (Optional)The name of the data source that you're connecting to. Canvas currently supports OAuth for Snowflake and Salesforce Data Cloud. Valid values are `SalesforceGenie` and `Snowflake`. +* `secret_arn` - (Optional) The ARN of an Amazon Web Services Secrets Manager secret that stores the credentials from your identity provider, such as the client ID and secret, authorization URL, and token URL. +* `status` - (Optional) Describes whether OAuth for a data source is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. + +##### Direct Deploy Settings + +* `status` - (Optional)Describes whether model deployment permissions are enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. + +##### Kendra Settings + +* `status` - (Optional) Describes whether the document querying feature is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. + ##### Time Series Forecasting Settings * `amazon_forecast_role_arn` - (Optional) The IAM role that Canvas passes to Amazon Forecast for time series forecasting. By default, Canvas uses the execution role specified in the UserProfile that launches the Canvas app. If an execution role is not specified in the UserProfile, Canvas uses the execution role specified in the Domain that owns the UserProfile. To allow time series forecasting, this IAM role should have the [AmazonSageMakerCanvasForecastAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess) policy attached and forecast.amazonaws.com added in the trust relationship as a service principal.