Merge pull request #32526 from DrFaust92/domain-canvas-workspace

Add workspace settings to sagemaker studio resources
hashicorp · Jul 26, 2023 · aa24abc · aa24abc
2 parents 7343c60 + 1f06535
commit aa24abc
Show file tree

Hide file tree

Showing 7 changed files with 161 additions and 2 deletions.
diff --git a/.changelog/32526.txt b/.changelog/32526.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_sagemaker_domain: Add `default_user_settings.canvas_app_settings.workspace_settings` attribute
+```
+
+```release-note:enhancement
+resource/aws_sagemaker_user_profile: Add `user_settings.canvas_app_settings.workspace_settings` attribute
+```
diff --git a/internal/service/sagemaker/domain.go b/internal/service/sagemaker/domain.go
@@ -263,6 +263,27 @@ func ResourceDomain() *schema.Resource {
 											},
 										},
 									},
+									"workspace_settings": {
+										Type:     schema.TypeList,
+										Optional: true,
+										MaxItems: 1,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"s3_artifact_path": {
+													Type:     schema.TypeString,
+													Optional: true,
+													ValidateFunc: validation.All(
+														validation.StringMatch(regexp.MustCompile(`^(https|s3)://([^/])/?(.*)$`), ""),
+														validation.StringLenBetween(1, 1024),
+													),
+												},
+												"s3_kms_key_id": {
+													Type:     schema.TypeString,
+													Optional: true,
+												},
+											},
+										},
+									},
 								},
 							},
 						},
@@ -1137,6 +1158,7 @@ func expandCanvasAppSettings(l []interface{}) *sagemaker.CanvasAppSettings {
 	config := &sagemaker.CanvasAppSettings{
 		ModelRegisterSettings:         expandModelRegisterSettings(m["model_register_settings"].([]interface{})),
 		TimeSeriesForecastingSettings: expandTimeSeriesForecastingSettings(m["time_series_forecasting_settings"].([]interface{})),
+		WorkspaceSettings:             expandWorkspaceSettings(m["workspace_settings"].([]interface{})),
 	}
 
 	return config
@@ -1182,6 +1204,26 @@ func expandTimeSeriesForecastingSettings(l []interface{}) *sagemaker.TimeSeriesF
 	return config
 }
 
+func expandWorkspaceSettings(l []interface{}) *sagemaker.WorkspaceSettings {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+
+	m := l[0].(map[string]interface{})
+
+	config := &sagemaker.WorkspaceSettings{}
+
+	if v, ok := m["s3_artifact_path"].(string); ok && v != "" {
+		config.S3ArtifactPath = aws.String(v)
+	}
+
+	if v, ok := m["s3_kms_key_id"].(string); ok && v != "" {
+		config.S3KmsKeyId = aws.String(v)
+	}
+
+	return config
+}
+
 func expandDomainCustomImages(l []interface{}) []*sagemaker.CustomImage {
 	images := make([]*sagemaker.CustomImage, 0, len(l))
 
@@ -1397,6 +1439,7 @@ func flattenCanvasAppSettings(config *sagemaker.CanvasAppSettings) []map[string]
 	m := map[string]interface{}{
 		"time_series_forecasting_settings": flattenTimeSeriesForecastingSettings(config.TimeSeriesForecastingSettings),
 		"model_register_settings":          flattenModelRegisterSettings(config.ModelRegisterSettings),
+		"workspace_settings":               flattenWorkspaceSettings(config.WorkspaceSettings),
 	}
 
 	return []map[string]interface{}{m}
@@ -1428,6 +1471,19 @@ func flattenTimeSeriesForecastingSettings(config *sagemaker.TimeSeriesForecastin
 	return []map[string]interface{}{m}
 }
 
+func flattenWorkspaceSettings(config *sagemaker.WorkspaceSettings) []map[string]interface{} {
+	if config == nil {
+		return []map[string]interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"s3_artifact_path": aws.StringValue(config.S3ArtifactPath),
+		"s3_kms_key_id":    aws.StringValue(config.S3KmsKeyId),
+	}
+
+	return []map[string]interface{}{m}
+}
+
 func flattenDomainSettings(config *sagemaker.DomainSettings) []map[string]interface{} {
 	if config == nil {
 		return []map[string]interface{}{}

diff --git a/internal/service/sagemaker/domain_test.go b/internal/service/sagemaker/domain_test.go
@@ -311,6 +311,38 @@ func testAccDomain_modelRegisterSettings(t *testing.T) {
 	})
 }
 
+func testAccDomain_workspaceSettings(t *testing.T) {
+	ctx := acctest.Context(t)
+	var domain sagemaker.DescribeDomainOutput
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_sagemaker_domain.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, sagemaker.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckDomainDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDomainConfig_workspaceSettings(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckDomainExists(ctx, resourceName, &domain),
+					resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.canvas_app_settings.0.workspace_settings.#", "1"),
+					resource.TestCheckResourceAttrSet(resourceName, "default_user_settings.0.canvas_app_settings.0.workspace_settings.0.s3_artifact_path"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"retention_policy"},
+			},
+		},
+	})
+}
+
 func testAccDomain_tensorboardAppSettings(t *testing.T) {
 	ctx := acctest.Context(t)
 	var domain sagemaker.DescribeDomainOutput
@@ -1128,6 +1160,36 @@ resource "aws_sagemaker_domain" "test" {
 `, rName))
 }
 
+func testAccDomainConfig_workspaceSettings(rName string) string {
+	return acctest.ConfigCompose(testAccDomainConfig_base(rName), fmt.Sprintf(`
+resource "aws_s3_bucket" "test" {
+  bucket        = %[1]q
+  force_destroy = true
+}
+
+resource "aws_sagemaker_domain" "test" {
+  domain_name = %[1]q
+  auth_mode   = "IAM"
+  vpc_id      = aws_vpc.test.id
+  subnet_ids  = aws_subnet.test[*].id
+
+  default_user_settings {
+    execution_role = aws_iam_role.test.arn
+
+    canvas_app_settings {
+      workspace_settings {
+        s3_artifact_path = "s3://${aws_s3_bucket.test.bucket}/path"
+      }
+    }
+  }
+
+  retention_policy {
+    home_efs_file_system = "Delete"
+  }
+}
+`, rName))
+}
+
 func testAccDomainConfig_tensorBoardAppSettings(rName string) string {
 	return acctest.ConfigCompose(testAccDomainConfig_base(rName), fmt.Sprintf(`
 resource "aws_sagemaker_domain" "test" {

diff --git a/internal/service/sagemaker/sagemaker_test.go b/internal/service/sagemaker/sagemaker_test.go
@@ -54,6 +54,7 @@ func TestAccSageMaker_serial(t *testing.T) {
 			"defaultUserSettingsUpdated":                             testAccDomain_defaultUserSettingsUpdated,
 			"canvas":                                                 testAccDomain_canvasAppSettings,
 			"modelRegisterSettings":                                  testAccDomain_modelRegisterSettings,
+			"workspaceSettings":                                      testAccDomain_workspaceSettings,
 			"domainSettings":                                         testAccDomain_domainSettings,
 			"rSessionAppSettings":                                    testAccDomain_rSessionAppSettings,
 			"rStudioServerProAppSettings":                            testAccDomain_rStudioServerProAppSettings,

diff --git a/internal/service/sagemaker/user_profile.go b/internal/service/sagemaker/user_profile.go
@@ -116,6 +116,27 @@ func ResourceUserProfile() *schema.Resource {
 											},
 										},
 									},
+									"workspace_settings": {
+										Type:     schema.TypeList,
+										Optional: true,
+										MaxItems: 1,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"s3_artifact_path": {
+													Type:     schema.TypeString,
+													Optional: true,
+													ValidateFunc: validation.All(
+														validation.StringMatch(regexp.MustCompile(`^(https|s3)://([^/])/?(.*)$`), ""),
+														validation.StringLenBetween(1, 1024),
+													),
+												},
+												"s3_kms_key_id": {
+													Type:     schema.TypeString,
+													Optional: true,
+												},
+											},
+										},
+									},
 								},
 							},
 						},

diff --git a/website/docs/r/sagemaker_domain.html.markdown b/website/docs/r/sagemaker_domain.html.markdown
@@ -134,17 +134,23 @@ The following arguments are optional:
 
 * `model_register_settings` - (Optional) The model registry settings for the SageMaker Canvas application. See [Model Register Settings](#model_register_settings) below.
 * `time_series_forecasting_settings` - (Optional) Time series forecast settings for the Canvas app. See [Time Series Forecasting Settings](#time_series_forecasting_settings) below.
+* `workspace_settings` - (Optional) The workspace settings for the SageMaker Canvas application. See [Workspace Settings](#workspace_settings) below.
 
 ##### model_register_settings
 
 * `cross_account_model_register_role_arn` - (Optional) The Amazon Resource Name (ARN) of the SageMaker model registry account. Required only to register model versions created by a different SageMaker Canvas AWS account than the AWS account in which SageMaker model registry is set up.
-* `status` - (Optional) Describes whether the integration to the model registry is enabled or disabled in the Canvas application.. Valid values are `ENABLED` and `DISABLED`.
+* `status` - (Optional) Describes whether the integration to the model registry is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`.
 
 ##### time_series_forecasting_settings
 
 * `amazon_forecast_role_arn` - (Optional) The IAM role that Canvas passes to Amazon Forecast for time series forecasting. By default, Canvas uses the execution role specified in the UserProfile that launches the Canvas app. If an execution role is not specified in the UserProfile, Canvas uses the execution role specified in the Domain that owns the UserProfile. To allow time series forecasting, this IAM role should have the [AmazonSageMakerCanvasForecastAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess) policy attached and forecast.amazonaws.com added in the trust relationship as a service principal.
 * `status` - (Optional) Describes whether time series forecasting is enabled or disabled in the Canvas app. Valid values are `ENABLED` and `DISABLED`.
 
+##### workspace_settings
+
+* `s3_artifact_path` - (Optional) The Amazon S3 bucket used to store artifacts generated by Canvas. Updating the Amazon S3 location impacts existing configuration settings, and Canvas users no longer have access to their artifacts. Canvas users must log out and log back in to apply the new location.
+* `s3_kms_key_id` - (Optional) The Amazon Web Services Key Management Service (KMS) encryption key ID that is used to encrypt artifacts generated by Canvas in the Amazon S3 bucket.
+
 #### sharing_settings
 
 * `notebook_output_option` - (Optional) Whether to include the notebook cell output when sharing the notebook. The default is `Disabled`. Valid values are `Allowed` and `Disabled`.

diff --git a/website/docs/r/sagemaker_user_profile.html.markdown b/website/docs/r/sagemaker_user_profile.html.markdown
@@ -48,6 +48,7 @@ This resource supports the following arguments:
 
 * `model_register_settings` - (Optional) The model registry settings for the SageMaker Canvas application. See [Model Register Settings](#model-register-settings) below.
 * `time_series_forecasting_settings` - (Optional) Time series forecast settings for the Canvas app. see [Time Series Forecasting Settings](#time-series-forecasting-settings) below.
+* `workspace_settings` - (Optional) The workspace settings for the SageMaker Canvas application. See [Workspace Settings](#workspace-settings) below.
 
 #### Sharing Settings
 
@@ -106,7 +107,12 @@ This resource supports the following arguments:
 ##### Model Register Settings
 
 * `cross_account_model_register_role_arn` - (Optional) The Amazon Resource Name (ARN) of the SageMaker model registry account. Required only to register model versions created by a different SageMaker Canvas AWS account than the AWS account in which SageMaker model registry is set up.
-* `status` - (Optional) Describes whether the integration to the model registry is enabled or disabled in the Canvas application.. Valid values are `ENABLED` and `DISABLED`.
+* `status` - (Optional) Describes whether the integration to the model registry is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`.
+
+##### Workspace Settings
+
+* `s3_artifact_path` - (Optional) The Amazon S3 bucket used to store artifacts generated by Canvas. Updating the Amazon S3 location impacts existing configuration settings, and Canvas users no longer have access to their artifacts. Canvas users must log out and log back in to apply the new location.
+* `s3_kms_key_id` - (Optional) The Amazon Web Services Key Management Service (KMS) encryption key ID that is used to encrypt artifacts generated by Canvas in the Amazon S3 bucket.
 
 ## Attribute Reference