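# Deploys the azure-image-chooser container to Azure Container Apps, together
# with its resource group, Log Analytics workspace, Container Apps environment
# and the user-assigned identity used to pull the image from the shared ACR.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 4.0.0"
    }
  }

  # Terraform state stores every attribute in plaintext, including values of
  # variables marked `sensitive` (that flag only masks CLI output). This state
  # file will therefore contain azure_client_secret: keep it out of version
  # control and restrict its file permissions, or move to a remote backend
  # with encryption at rest and access control.
  backend "local" {
    path = "azure-image-chooser.tfstate"
  }
}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}

variable "subscription_id" {
  description = "The Azure Subscription ID to use for the resources."
  type        = string
}

variable "azure_client_id" {
  description = "The Azure Client ID for authentication."
  type        = string
}

variable "azure_tenant_id" {
  description = "The Azure Tenant ID for authentication."
  type        = string
}

variable "azure_client_secret" {
  description = "The Azure Client Secret for authentication."
  type        = string
  sensitive   = true
}

variable "project_name" {
  description = "The name used to construct Azure resource names."
  type        = string
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-${var.project_name}"
  location = "Poland Central"
}

resource "azurerm_log_analytics_workspace" "logaws" {
  name                = "${var.project_name}-logs"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

resource "azurerm_container_app_environment" "env" {
  name                       = "${var.project_name}-env"
  resource_group_name        = azurerm_resource_group.rg.name
  location                   = azurerm_resource_group.rg.location
  log_analytics_workspace_id = azurerm_log_analytics_workspace.logaws.id

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.uai.id]
  }

  workload_profile {
    maximum_count         = 1
    minimum_count         = 1
    name                  = "Consumption"
    workload_profile_type = "Consumption"
  }
}

resource "azurerm_container_app" "app" {
  name                         = "${var.project_name}-app"
  container_app_environment_id = azurerm_container_app_environment.env.id
  resource_group_name          = azurerm_resource_group.rg.name
  revision_mode                = "Single"

  # The service principal secret is held as a Container Apps secret and
  # referenced from the container by name, so it is not stored as a plain
  # environment value in the revision template.
  secret {
    name  = "azure-client-secret"
    value = var.azure_client_secret
  }

  template {
    container {
      name = "azure-image-chooser"
      # NOTE(review): `latest` is a mutable tag, so what runs depends on
      # whatever was pushed last. Prefer an immutable version tag or an image
      # digest so a deployment is reproducible and auditable.
      image  = "skdomlab.azurecr.io/azure-image-chooser:latest"
      cpu    = "0.25"
      memory = "0.5Gi"

      # NOTE(review): this app already has a user-assigned identity attached.
      # If the application can authenticate with managed identity, granting
      # that identity the roles it needs would remove the long-lived client
      # secret entirely. Confirm against the application code.
      env {
        name  = "AZURE_CLIENT_ID"
        value = var.azure_client_id
      }

      env {
        name  = "AZURE_TENANT_ID"
        value = var.azure_tenant_id
      }

      env {
        name        = "AZURE_CLIENT_SECRET"
        secret_name = "azure-client-secret"
      }

      env {
        name  = "AZURE_SUBSCRIPTION_ID"
        value = var.subscription_id
      }
    }

    min_replicas = 1
    max_replicas = 1
  }

  workload_profile_name = "Consumption"

  # NOTE(review): external ingress publishes port 8501 on a public endpoint
  # and no authentication or IP restriction is configured in this file.
  # Confirm the application enforces its own authentication, or add
  # `ip_security_restriction` blocks / platform authentication.
  ingress {
    target_port      = 8501
    external_enabled = true

    traffic_weight {
      latest_revision = true
      percentage      = 100
    }
  }

  registry {
    server   = "skdomlab.azurecr.io"
    identity = azurerm_user_assigned_identity.uai.id
  }

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.uai.id]
  }

  # The image pull uses the identity's AcrPull assignment, which nothing in
  # this resource references; without an explicit dependency Terraform may
  # create the app before the role exists and the first pull is denied.
  depends_on = [azurerm_role_assignment.acr_pull]
}

resource "azurerm_user_assigned_identity" "uai" {
  name                = "${var.project_name}-uai"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
}

# Grants the identity pull-only access, scoped to the single shared registry.
resource "azurerm_role_assignment" "acr_pull" {
  scope                = data.azurerm_container_registry.acr.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_user_assigned_identity.uai.principal_id
}

# Existing registry managed outside this configuration.
data "azurerm_container_registry" "acr" {
  name                = "skdomlab"
  resource_group_name = "dom-lab-common"
}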