# Dependent resources for Azure Machine Learning
#
# Application Insights, Key Vault, a storage account and a container registry are
# created first and then attached to the workspace by ID further down.
# NOTE(review): azurerm_resource_group.default, azurerm_subnet.mlsubnet,
# data.azurerm_client_config.current, the azurerm_private_dns_zone.* zones and
# var.name / var.environment are referenced here but defined outside this listing.

# Application Insights instance that the workspace references for telemetry.
resource "azurerm_application_insights" "default" {
  name                = "${var.name}-${var.environment}-ain"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  application_type    = "web"
}

# Key Vault attached to the workspace.
resource "azurerm_key_vault" "default" {
  name                = "${var.name}${var.environment}kv"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "premium"
  # Purge protection blocks permanent deletion of the vault and its objects
  # until the soft-delete retention period has elapsed.
  purge_protection_enabled = true

  # Vault firewall: deny by default, with the trusted-Azure-services bypass.
  # No ip_rules or subnet allow-list is set here, so the intended client path
  # is the private endpoint declared below (keyvault_ple).
  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }
}

# Storage account attached to the workspace.
# NOTE(review): only the firewall is configured here. The minimum TLS version
# (min_tls_version), public blob access and shared-key access are left at
# provider defaults, which have changed between azurerm releases. Pin them
# explicitly so the posture does not depend on the provider version in use.
resource "azurerm_storage_account" "default" {
  name                     = "${var.name}${var.environment}sa"
  location                 = azurerm_resource_group.default.location
  resource_group_name      = azurerm_resource_group.default.name
  account_tier             = "Standard"
  account_replication_type = "GRS"

  # Storage firewall: deny by default, with the trusted-Azure-services bypass.
  # Private endpoints below cover only the blob and file sub-resources.
  network_rules {
    default_action = "Deny"
    bypass         = ["AzureServices"]
  }
}

# Container registry attached to the workspace.
resource "azurerm_container_registry" "default" {
  name                = "${var.name}${var.environment}cr"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  sku                 = "Premium"
  # NOTE(review): admin_enabled turns on the registry's built-in admin user, a
  # shared username/password with push and pull rights that is not tied to an
  # individual identity. Confirm the workspace still needs it. If it does not,
  # disable it and grant registry roles to the workspace identity instead.
  # NOTE(review): unlike the Key Vault and storage account above, nothing in
  # this block restricts the registry's public endpoint. The cr_ple private
  # endpoint adds a private path but does not by itself close the public one.
  admin_enabled = true
}

# Machine Learning workspace
#
# Ties the four dependent resources together and runs with a system-assigned
# managed identity.
# NOTE(review): no public-network-access setting appears in this block, so
# whether the workspace is reachable only through ml_ple depends on the
# provider default. Set it explicitly for the intended exposure.
resource "azurerm_machine_learning_workspace" "default" {
  name                    = "${var.name}-${var.environment}-aml"
  location                = azurerm_resource_group.default.location
  resource_group_name     = azurerm_resource_group.default.name
  application_insights_id = azurerm_application_insights.default.id
  key_vault_id            = azurerm_key_vault.default.id
  storage_account_id      = azurerm_storage_account.default.id
  container_registry_id   = azurerm_container_registry.default.id

  identity {
    type = "SystemAssigned"
  }
}

# Private endpoints
#
# One endpoint per target sub-resource, all placed in azurerm_subnet.mlsubnet.
# Each registers itself in the matching private DNS zone through a
# private_dns_zone_group, and each is approved automatically
# (is_manual_connection = false).
# A private endpoint adds a private route to the service. Public reachability
# is governed separately by each service's own firewall or public-access setting.

# Key Vault ("vault" sub-resource).
resource "azurerm_private_endpoint" "keyvault_ple" {
  name                = "${var.name}-${var.environment}-kv-ple"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  subnet_id           = azurerm_subnet.mlsubnet.id

  private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.dnsvault.id]
  }

  private_service_connection {
    name                           = "${var.name}kv-psc"
    private_connection_resource_id = azurerm_key_vault.default.id
    subresource_names              = ["vault"]
    is_manual_connection           = false
  }
}

# Storage account, "blob" sub-resource.
resource "azurerm_private_endpoint" "storage_ple_blob" {
  name                = "${var.name}-${var.environment}-sa-ple-blob"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  subnet_id           = azurerm_subnet.mlsubnet.id

  private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.dnsstorageblob.id]
  }

  private_service_connection {
    name                           = "${var.name}sa-psc"
    private_connection_resource_id = azurerm_storage_account.default.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
}

# Storage account, "file" sub-resource.
# The connection name below is the same string as in storage_ple_blob.
resource "azurerm_private_endpoint" "storage_ple_file" {
  name                = "${var.name}-${var.environment}-sa-ple-file"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  subnet_id           = azurerm_subnet.mlsubnet.id

  private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.dnsstoragefile.id]
  }

  private_service_connection {
    name                           = "${var.name}sa-psc"
    private_connection_resource_id = azurerm_storage_account.default.id
    subresource_names              = ["file"]
    is_manual_connection           = false
  }
}

# Container registry ("registry" sub-resource).
resource "azurerm_private_endpoint" "cr_ple" {
  name                = "${var.name}-${var.environment}-cr-ple"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  subnet_id           = azurerm_subnet.mlsubnet.id

  private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.dnscontainerregistry.id]
  }

  private_service_connection {
    name                           = "${var.name}cr-psc"
    private_connection_resource_id = azurerm_container_registry.default.id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }
}

# Machine Learning workspace ("amlworkspace" sub-resource).
# Registered in two private DNS zones: dnsazureml and dnsnotebooks.
resource "azurerm_private_endpoint" "ml_ple" {
  name                = "${var.name}-${var.environment}-ml-ple"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  subnet_id           = azurerm_subnet.mlsubnet.id

  private_dns_zone_group {
    name = "private-dns-zone-group"
    private_dns_zone_ids = [
      azurerm_private_dns_zone.dnsazureml.id,
      azurerm_private_dns_zone.dnsnotebooks.id
    ]
  }

  private_service_connection {
    name                           = "${var.name}ml-psc"
    private_connection_resource_id = azurerm_machine_learning_workspace.default.id
    subresource_names              = ["amlworkspace"]
    is_manual_connection           = false
  }
}