fix 202-machine-learning-moderately-secure-existing-VNet

Azure · Sep 29, 2024 · ed2d575 · ed2d575
1 parent bd1b747
commit ed2d575
Show file tree

Hide file tree

Showing 5 changed files with 237 additions and 31 deletions.
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/compute.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/compute.tf
@@ -1,6 +1,6 @@
 # Generate random string for unique compute instance name
 resource "random_string" "ci_prefix" {
-  length  = 8
+  length  = 4
   upper   = false
   special = false
   numeric = false
@@ -9,10 +9,9 @@ resource "random_string" "ci_prefix" {
 # Compute instance
 resource "azurerm_machine_learning_compute_instance" "compute_instance" {
   name                          = "${random_string.ci_prefix.result}instance"
-  location                      = azurerm_resource_group.default.location
   machine_learning_workspace_id = azurerm_machine_learning_workspace.default.id
   virtual_machine_size          = "STANDARD_DS2_V2"
-  subnet_resource_id            = data.azurerm_subnet.training.id
+  subnet_resource_id            = local.training_subnet_id
 
   depends_on = [
     azurerm_private_endpoint.mlw_ple
@@ -26,7 +25,7 @@ resource "azurerm_machine_learning_compute_cluster" "compute" {
   machine_learning_workspace_id = azurerm_machine_learning_workspace.default.id
   vm_priority                   = "Dedicated"
   vm_size                       = "STANDARD_DS2_V2"
-  subnet_resource_id            = data.azurerm_subnet.training.id
+  subnet_resource_id            = local.training_subnet_id
 
   identity {
     type = "SystemAssigned"

diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf
@@ -4,27 +4,36 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=2.78.0, <3.0"
+      version = "~> 3.0"
     }
 
     azureml = {
       source  = "registry.terraform.io/orobix/azureml"
       version = "0.0.5"
     }
     random = {
-      source = "hashicorp/random"
+      source  = "hashicorp/random"
       version = "3.6.0"
     }
   }
 }
 
 provider "azurerm" {
-  features {}
+  features {
+    resource_group {
+        prevent_deletion_if_contains_resources = false
+    }
+    key_vault {
+      recover_soft_deleted_key_vaults    = false
+      purge_soft_delete_on_destroy       = false
+      purge_soft_deleted_keys_on_destroy = false
+    }
+  }
 }
 
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_resource_group" "default" {
-  name     = "rg-${var.name}-${var.environment}"
+  name     = "rg-${var.name}-${var.environment}-${random_string.ci_prefix.result}"
   location = var.location
 }
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/network.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/network.tf
@@ -1,23 +1,84 @@
 # Data Sources
 
+resource "azurerm_resource_group" "rg" {
+  count    = var.vnet_resource_group_name == null ? 1 : 0
+  location = var.location
+  name     = "202-machine-learning-moderately-secure-existing-vnet-${random_string.ci_prefix.result}"
+}
+
+locals {
+  resource_group_name = try(azurerm_resource_group.rg[0].name, var.vnet_resource_group_name)
+}
+
+resource "azurerm_virtual_network" "vnet" {
+  count               = var.vnet_name == null ? 1 : 0
+  address_space       = ["10.0.0.0/16"]
+  location            = var.location
+  name                = "202-machine-learning-moderately-secure-existing-vnet-${random_string.ci_prefix.result}"
+  resource_group_name = local.resource_group_name
+}
+
+locals {
+  vnet_name = try(azurerm_virtual_network.vnet[0].name, var.vnet_name)
+}
+
 data "azurerm_subnet" "training" {
+  count                = var.training_subnet_name == null ? 0 : 1
   name                 = var.training_subnet_name
-  virtual_network_name = var.vnet_name
-  resource_group_name  = var.vnet_resource_group_name
+  virtual_network_name = local.vnet_name
+  resource_group_name  = local.resource_group_name
+}
+
+resource "azurerm_subnet" "training" {
+  count                = var.training_subnet_name == null ? 1 : 0
+  virtual_network_name = local.vnet_name
+  resource_group_name  = local.resource_group_name
+  name                 = "training"
+  address_prefixes     = ["10.0.0.0/24"]
+}
+
+locals {
+  training_subnet_id = try(data.azurerm_subnet.training[0].id, azurerm_subnet.training[0].id)
 }
 
 data "azurerm_subnet" "aks" {
+  count                = var.aks_subnet_name == null ? 0 : 1
   name                 = var.aks_subnet_name
   virtual_network_name = var.vnet_name
   resource_group_name  = var.vnet_resource_group_name
 }
 
+resource "azurerm_subnet" "aks" {
+  count                = var.aks_subnet_name == null ? 1 : 0
+  address_prefixes     = ["10.0.1.0/24"]
+  name                 = "aks"
+  resource_group_name  = local.resource_group_name
+  virtual_network_name = local.vnet_name
+}
+
+locals {
+  aks_subnet_id = try(data.azurerm_subnet.aks[0].id, azurerm_subnet.aks[0].id)
+}
+
 data "azurerm_subnet" "ml" {
+  count                = var.ml_subnet_name == null ? 0 : 1
   name                 = var.ml_subnet_name
   virtual_network_name = var.vnet_name
   resource_group_name  = var.vnet_resource_group_name
 }
 
+resource "azurerm_subnet" "ml" {
+  count                = var.ml_subnet_name == null ? 1 : 0
+  address_prefixes     = ["10.0.2.0/24"]
+  name                 = "ml"
+  resource_group_name  = local.resource_group_name
+  virtual_network_name = local.vnet_name
+}
+
+locals {
+  ml_subnet_id = try(data.azurerm_subnet.ml[0].id, azurerm_subnet.ml[0].id)
+}
+
 # Network Security Groups
 resource "azurerm_network_security_group" "nsg-training" {
   name                = "nsg-training"
@@ -50,7 +111,7 @@ resource "azurerm_network_security_group" "nsg-training" {
 }
 
 resource "azurerm_subnet_network_security_group_association" "nsg-training-link" {
-  subnet_id                 = data.azurerm_subnet.training.id
+  subnet_id                 = local.training_subnet_id
   network_security_group_id = azurerm_network_security_group.nsg-training.id
 }
 
@@ -63,7 +124,7 @@ resource "azurerm_network_security_group" "nsg-aks" {
 }
 
 resource "azurerm_subnet_network_security_group_association" "nsg-aks-link" {
-  subnet_id                 = data.azurerm_subnet.aks.id
+  subnet_id                 = local.aks_subnet_id
   network_security_group_id = azurerm_network_security_group.nsg-aks.id
 }
 
@@ -101,7 +162,7 @@ resource "azurerm_route" "training-BatchRoute" {
 }
 
 resource "azurerm_subnet_route_table_association" "rt-training-link" {
-  subnet_id      = data.azurerm_subnet.training.id
+  subnet_id      = local.training_subnet_id
   route_table_id = azurerm_route_table.rt-training.id
 }
 
@@ -121,6 +182,6 @@ resource "azurerm_route" "aks-Internet-Route" {
 }
 
 resource "azurerm_subnet_route_table_association" "rt-aks-link" {
-  subnet_id      = data.azurerm_subnet.aks.id
+  subnet_id      = local.aks_subnet_id
   route_table_id = azurerm_route_table.rt-aks.id
 }
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/variables.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/variables.tf
@@ -27,56 +27,67 @@ variable "image_build_compute_name" {
 variable "vnet_resource_group_name" {
   type        = string
   description = "Name of the resource group for the existing VNet"
+  default     = null
 }
 
 variable "vnet_name" {
   type        = string
   description = "Name of the existing VNet"
+  default     = null
 }
 
 variable "training_subnet_name" {
   type        = string
   description = "Name of the existing training subnet"
+  default     = null
 }
 
 variable "aks_subnet_name" {
   type        = string
   description = "Name of the existing aks subnet"
+  default     = null
 }
 
 variable "ml_subnet_name" {
   type        = string
   description = "Name of the existing ML workspace subnet"
+  default     = null
 }
 
 
 # Existing private DNS zones variables
 variable "privatelink_api_azureml_ms_resource_id" {
   type        = string
   description = "Resource ID of the existing privatelink.api.azureml.ms private dns zone"
+  default     = null
 }
 
 variable "privatelink_azurecr_io_resource_id" {
   type        = string
   description = "Resource ID of the existing privatelink.azurecr.io private dns zone"
+  default     = null
 }
 
 variable "privatelink_notebooks_azure_net_resource_id" {
   type        = string
   description = "Resource ID of the existing privatelink.notebooks.azure.net private dns zone"
+  default     = null
 }
 
 variable "privatelink_blob_core_windows_net_resource_id" {
   type        = string
   description = "Resource ID of the existing privatelink.blob.core.windows.net private dns zone"
+  default     = null
 }
 
 variable "privatelink_file_core_windows_net_resource_id" {
   type        = string
   description = "Resource ID of the existing privatelink.file.core.windows.net private dns zone"
+  default     = null
 }
 
 variable "privatelink_vaultcore_azure_net_resource_id" {
   type        = string
   description = "Resource ID of the existing privatelink.vaultcore.azure.net private dns zone"
+  default     = null
 }