azurerm_machine_learning_workspace - support for managed_network.isol…

…ation_mode (hashicorp#24951)

* azurerm_machine_learning_workspace - support for managed_network.isolation_mode

* make terrafmt

* add more skus

* fix test

* fix TestAccMachineLearningWorkspace_completeUpdate

internal/services/machinelearning/machine_learning_workspace_resource.go

@@ -189,6 +189,23 @@ func resourceMachineLearningWorkspace() *pluginsdk.Resource {
 				},
 			},
 
+			"managed_network": {
+				Type:     pluginsdk.TypeList,
+				Optional: true,
+				Computed: true,
+				MaxItems: 1,
+				Elem: &pluginsdk.Resource{
+					Schema: map[string]*pluginsdk.Schema{
+						"isolation_mode": {
+							Type:         pluginsdk.TypeString,
+							Optional:     true,
+							Computed:     true,
+							ValidateFunc: validation.StringInSlice(workspaces.PossibleValuesForIsolationMode(), false),
+						},
+					},
+				},
+			},
+
 			"friendly_name": {
 				Type:     pluginsdk.TypeString,
 				Optional: true,
@@ -288,12 +305,13 @@ func resourceMachineLearningWorkspaceCreateOrUpdate(d *pluginsdk.ResourceData, m
 
 		Identity: expandedIdentity,
 		Properties: &workspaces.WorkspaceProperties{
-			V1LegacyMode:        pointer.To(d.Get("v1_legacy_mode_enabled").(bool)),
-			Encryption:          expandedEncryption,
-			StorageAccount:      pointer.To(d.Get("storage_account_id").(string)),
 			ApplicationInsights: pointer.To(d.Get("application_insights_id").(string)),
+			Encryption:          expandedEncryption,
 			KeyVault:            pointer.To(d.Get("key_vault_id").(string)),
+			ManagedNetwork:      expandMachineLearningWorkspaceManagedNetwork(d.Get("managed_network").([]interface{})),
 			PublicNetworkAccess: pointer.To(workspaces.PublicNetworkAccessDisabled),
+			StorageAccount:      pointer.To(d.Get("storage_account_id").(string)),
+			V1LegacyMode:        pointer.To(d.Get("v1_legacy_mode_enabled").(bool)),
 		},
 	}
 
@@ -395,6 +413,7 @@ func resourceMachineLearningWorkspaceRead(d *pluginsdk.ResourceData, meta interf
 		d.Set("public_network_access_enabled", *props.PublicNetworkAccess == workspaces.PublicNetworkAccessEnabled)
 		d.Set("v1_legacy_mode_enabled", props.V1LegacyMode)
 		d.Set("workspace_id", props.WorkspaceId)
+		d.Set("managed_network", flattenMachineLearningWorkspaceManagedNetwork(props.ManagedNetwork))
 
 		kvId, err := commonids.ParseKeyVaultIDInsensitively(*props.KeyVault)
 		if err != nil {
@@ -618,3 +637,29 @@ func flattenMachineLearningWorkspaceFeatureStore(input *workspaces.FeatureStoreS
 		},
 	}
 }
+
+func expandMachineLearningWorkspaceManagedNetwork(i []interface{}) *workspaces.ManagedNetworkSettings {
+	if len(i) == 0 || i[0] == nil {
+		return nil
+	}
+
+	v := i[0].(map[string]interface{})
+
+	return &workspaces.ManagedNetworkSettings{
+		IsolationMode: pointer.To(workspaces.IsolationMode(v["isolation_mode"].(string))),
+	}
+}
+
+func flattenMachineLearningWorkspaceManagedNetwork(i *workspaces.ManagedNetworkSettings) *[]interface{} {
+	if i == nil {
+		return &[]interface{}{}
+	}
+
+	out := map[string]interface{}{}
+
+	if i.IsolationMode != nil {
+		out["isolation_mode"] = *i.IsolationMode
+	}
+
+	return &[]interface{}{out}
+}

internal/services/machinelearning/machine_learning_workspace_resource_test.go

@@ -407,7 +407,7 @@ resource "azurerm_container_registry" "test" {
   name                = "acctestacr%[2]d"
   resource_group_name = azurerm_resource_group.test.name
   location            = azurerm_resource_group.test.location
-  sku                 = "Standard"
+  sku                 = "Premium"
   admin_enabled       = true
 }
 
@@ -454,6 +454,10 @@ resource "azurerm_machine_learning_workspace" "test" {
     key_id       = azurerm_key_vault_key.test.id
   }
 
+  managed_network {
+    isolation_mode = "AllowInternetOutbound"
+  }
+
   tags = {
     ENV = "Test"
   }
@@ -470,7 +474,7 @@ resource "azurerm_container_registry" "test" {
   name                = "acctestacr%[2]d"
   resource_group_name = azurerm_resource_group.test.name
   location            = azurerm_resource_group.test.location
-  sku                 = "Standard"
+  sku                 = "Premium"
   admin_enabled       = true
 }
 

website/docs/r/machine_learning_workspace.html.markdown

@@ -376,6 +376,8 @@ The following arguments are supported:
 
 * `encryption` - (Optional) An `encryption` block as defined below. Changing this forces a new resource to be created.
 
+* `managed_network` - (Optional) A `managed_network` block as defined below.
+
 * `feature_store` - (Optional) A `feature_store` block as defined below.
 
 * `friendly_name` - (Optional) Display name for this Machine Learning Workspace.
@@ -386,7 +388,7 @@ The following arguments are supported:
 
 * `v1_legacy_mode_enabled` - (Optional) Enable V1 API features, enabling `v1_legacy_mode` may prevent you from using features provided by the v2 API. Defaults to `false`.
 
-* `sku_name` - (Optional) SKU/edition of the Machine Learning Workspace, possible values are `Basic`. Defaults to `Basic`.
+* `sku_name` - (Optional) SKU/edition of the Machine Learning Workspace, possible values are `Free`, `Basic`, `Standard` and `Premium`. Defaults to `Basic`.
 
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
@@ -414,6 +416,12 @@ An `encryption` block supports the following:
 
 ---
 
+An `managed_network` block supports the following:
+
+* `isolation_mode` - (Optional) The isolation mode of the Machine Learning Workspace. Possible values are `Disabled`, `AllowOnlyApprovedOutbound`, and `AllowInternetOutbound`
+
+---
+
 An `feature_store` block supports the following:
 
 * `computer_spark_runtime_version` - (Optional) The version of Spark runtime.