From 8221b856d1de0cde91c1459916e7101a2f626f0f Mon Sep 17 00:00:00 2001
From: Lucas Juviniano
Date: Mon, 5 Dec 2022 01:00:17 -0300
Subject: [PATCH 1/2] Add identity to iothub data source.
---
 .../services/iothub/iothub_data_source.go | 37 +++++++++++++++++++
 .../iothub/iothub_data_source_test.go | 8 ++++
 2 files changed, 45 insertions(+)
diff --git a/internal/services/iothub/iothub_data_source.go b/internal/services/iothub/iothub_data_source.go
index de29023333ff..1c992b473077 100644
--- a/internal/services/iothub/iothub_data_source.go
+++ b/internal/services/iothub/iothub_data_source.go
@@ -5,6 +5,7 @@ import (
 "time"
 "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+ "github.com/hashicorp/go-azure-helpers/resourcemanager/identity"
 "github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 "github.com/hashicorp/terraform-provider-azurerm/internal/services/iothub/parse"
 iothubValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/iothub/validate"
@@ -12,6 +13,7 @@ import (
 "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
 "github.com/hashicorp/terraform-provider-azurerm/utils"
+ devices "github.com/tombuildsstuff/kermit/sdk/iothub/2022-04-30-preview/iothub"
 )
 func dataSourceIotHub() *pluginsdk.Resource {
@@ -35,6 +37,8 @@ func dataSourceIotHub() *pluginsdk.Resource {
 Computed: true,
 },
+ "identity": commonschema.SystemAssignedUserAssignedIdentityOptional(),
+
 "tags": tags.Schema(),
 },
 }
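Review bot: The `identity` attribute added to the `dataSourceIotHub` schema uses `commonschema.SystemAssignedUserAssignedIdentityOptional()`, which declares it as an optional input even though this data source only reads the value in `dataSourceIotHubRead`. For a data source the block should be computed-only: `"identity": commonschema.SystemAssignedUserAssignedIdentityComputed(),`. As written, a configuration can supply an `identity` block that has no bearing on the lookup, which is misleading when the returned principal and tenant IDs are later fed into role assignments. The schema map starts outside the hunk.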
@@ -56,6 +60,14 @@ func dataSourceIotHubRead(d *pluginsdk.ResourceData, meta interface{}) error {
 return fmt.Errorf("retrieving %s: %+v", id, err)
 }
+ identity, err := dataSourceFlattenIotHubIdentityDetails(resp.Identity)
+ if err != nil {
+ return fmt.Errorf("flattening `identity`: %+v", err)
+ }
+ if err := d.Set("identity", identity); err != nil {
+ return fmt.Errorf("setting `identity`: %+v", err)
+ }
+
 d.Set("name", id.Name)
 d.Set("resource_group_name", id.ResourceGroup)
 d.SetId(id.ID())
@@ -66,3 +78,28 @@ func dataSourceIotHubRead(d *pluginsdk.ResourceData, meta interface{}) error {
 return tags.FlattenAndSet(d, resp.Tags)
 }
+
+func dataSourceFlattenIotHubIdentityDetails(input *devices.ArmIdentity) (*[]interface{}, error) {
+ var transform *identity.SystemAndUserAssignedMap
+
+ if input != nil {
+ transform = &identity.SystemAndUserAssignedMap{
+ Type: identity.Type(string(input.Type)),
+ IdentityIds: make(map[string]identity.UserAssignedIdentityDetails),
+ }
+
+ if input.PrincipalID != nil {
+ transform.PrincipalId = *input.PrincipalID
+ }
+ if input.TenantID != nil {
+ transform.TenantId = *input.TenantID
+ }
+ for k, v := range input.UserAssignedIdentities {
+ transform.IdentityIds[k] = identity.UserAssignedIdentityDetails{
+ ClientId: v.ClientID,
+ PrincipalId: v.PrincipalID,
+ }
+ }
+ }
+ return identity.FlattenSystemAndUserAssignedMap(transform)
+}
diff --git a/internal/services/iothub/iothub_data_source_test.go b/internal/services/iothub/iothub_data_source_test.go
index ad50832fdaaa..d391109a8e2c 100644
--- a/internal/services/iothub/iothub_data_source_test.go
+++ b/internal/services/iothub/iothub_data_source_test.go
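Review bot: In `dataSourceIotHubRead` (iothub_data_source.go) the new local `identity, err := ...` shadows the `identity` package that this same commit imports, for the remainder of the function. It compiles today only because nothing later in the function refers to the package, so a later edit that calls `identity.` there would resolve to the local value instead. A distinct name avoids that: `flattenedIdentity, err := dataSourceFlattenIotHubIdentityDetails(resp.Identity)` followed by `d.Set("identity", flattenedIdentity)`. The function starts and ends outside the hunk.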
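Review bot: `dataSourceFlattenIotHubIdentityDetails` in iothub_data_source.go is added without a doc comment, and its nil handling is easy to miss: when `input` is nil, `transform` stays nil and is handed straight to `identity.FlattenSystemAndUserAssignedMap`. I would add `// dataSourceFlattenIotHubIdentityDetails maps the SDK ArmIdentity onto the identity schema block; a nil input is passed through as a nil map.` above the function. The keys of `input.UserAssignedIdentities` are copied verbatim as identity IDs, so if the rest of the provider normalises those resource IDs, the comment should say this helper does not.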
@@ -23,6 +23,10 @@ func TestAccDataSourceIotHub_basic(t *testing.T) {
 Check: acceptance.ComposeTestCheckFunc(
 check.That(data.ResourceName).Key("name").HasValue(name),
 check.That(data.ResourceName).Key("resource_group_name").HasValue(resourceGroupName),
+ check.That(data.ResourceName).Key("identity.#").HasValue("1"),
+ check.That(data.ResourceName).Key("identity.0.type").HasValue("SystemAssigned"),
+ check.That(data.ResourceName).Key("identity.0.principal_id").Exists(),
+ check.That(data.ResourceName).Key("identity.0.tenant_id").Exists(),
 check.That(data.ResourceName).Key("tags.%").HasValue("1"),
 check.That(data.ResourceName).Key("tags.environment").HasValue("acctest"),
 ),
@@ -46,6 +50,10 @@ resource "azurerm_iothub" "test" {
 resource_group_name = azurerm_resource_group.test.name
 location = azurerm_resource_group.test.location
+ identity {
+ type = "SystemAssigned"
+ }
+
 sku {
 name = "S1"
 capacity = "1"
From 09936d30219789ca1083f14d0d8387b075f589d4 Mon Sep 17 00:00:00 2001
From: Lucas Juviniano
Date: Tue, 6 Jun 2023 22:12:20 -0300
Subject: [PATCH 2/2] Add public ip option to compute instance.
---
 ...hine_learning_compute_instance_resource.go | 17 ++++++++
 ...learning_compute_instance_resource_test.go | 39 ++++++++++++++++---
 ...ne_learning_compute_instance.html.markdown | 2 +
 3 files changed, 53 insertions(+), 5 deletions(-)
diff --git a/internal/services/machinelearning/machine_learning_compute_instance_resource.go b/internal/services/machinelearning/machine_learning_compute_instance_resource.go
index 7369b6097f1f..979ac8bb7695 100644
--- a/internal/services/machinelearning/machine_learning_compute_instance_resource.go
+++ b/internal/services/machinelearning/machine_learning_compute_instance_resource.go
@@ -148,6 +148,13 @@ func resourceComputeInstance() *pluginsdk.Resource {
 ValidateFunc: networkValidate.SubnetID,
 },
+ "node_public_ip_enabled": {
+ Type: pluginsdk.TypeBool,
+ Optional: true,
+ Default: true,
+ ForceNew: true,
+ },
+
 "tags": commonschema.TagsForceNew(),
 },
 }
@@ -186,12 +193,17 @@ func resourceComputeInstanceCreate(d *pluginsdk.ResourceData, meta interface{})
 }
 }
+ if !d.Get("node_public_ip_enabled").(bool) && d.Get("subnet_resource_id").(string) == "" {
+ return fmt.Errorf("`subnet_resource_id` must be set if `node_public_ip_enabled` is set to `false`")
+ }
+
 computeInstance := &machinelearningcomputes.ComputeInstance{
 Properties: &machinelearningcomputes.ComputeInstanceProperties{
 VMSize: utils.String(d.Get("virtual_machine_size").(string)),
 Subnet: subnet,
 SshSettings: expandComputeSSHSetting(d.Get("ssh").([]interface{})),
 PersonalComputeInstanceSettings: expandComputePersonalComputeInstanceSetting(d.Get("assign_to_user").([]interface{})),
+ EnableNodePublicIP: pointer.To(d.Get("node_public_ip_enabled").(bool)),
 },
 ComputeLocation: utils.String(d.Get("location").(string)),
 Description: utils.String(d.Get("description").(string)),
@@ -273,6 +285,11 @@ func resourceComputeInstanceRead(d *pluginsdk.ResourceData, meta interface{}) er
 d.Set("authorization_type", string(pointer.From(props.Properties.ComputeInstanceAuthorizationType)))
 d.Set("ssh", flattenComputeSSHSetting(props.Properties.SshSettings))
 d.Set("assign_to_user", flattenComputePersonalComputeInstanceSetting(props.Properties.PersonalComputeInstanceSettings))
+ enableNodePublicIP := true
+ if props.Properties.ConnectivityEndpoints.PublicIPAddress == nil {
+ enableNodePublicIP = false
+ }
+ d.Set("node_public_ip_enabled", enableNodePublicIP)
 }
 return tags.FlattenAndSet(d, resp.Model.Tags)
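Review bot: In the `resourceComputeInstanceRead` hunk, `props.Properties.ConnectivityEndpoints.PublicIPAddress` reads through `ConnectivityEndpoints` without a nil check; if that field is a pointer the service can leave unset (worth confirming against the SDK type, for example for an instance that is still provisioning or is stopped), the read panics. A guard that keeps the current result is `if ce := props.Properties.ConnectivityEndpoints; ce == nil || ce.PublicIPAddress == nil {`. Separately, the value written to state is inferred from whether an address is currently assigned rather than from the `EnableNodePublicIP` setting sent on create. Because the attribute is `ForceNew`, any read that finds no address on an instance created with the default would plan a replacement, and state could misreport the instance's network exposure; prefer the response's `EnableNodePublicIP` if the API returns it. The function body starts before the hunk.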
diff --git a/internal/services/machinelearning/machine_learning_compute_instance_resource_test.go b/internal/services/machinelearning/machine_learning_compute_instance_resource_test.go
index cdf51b99d427..82b2c317a7db 100644
--- a/internal/services/machinelearning/machine_learning_compute_instance_resource_test.go
+++ b/internal/services/machinelearning/machine_learning_compute_instance_resource_test.go
@@ -180,12 +180,42 @@ resource "azurerm_subnet_network_security_group_association" "test" {
 network_security_group_id = azurerm_network_security_group.test.id
 }
+resource "azurerm_private_dns_zone" "test" {
+ name = "privatelink.api.azureml.ms"
+ resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "test" {
+ name = "test-vlink"
+ resource_group_name = azurerm_resource_group.test.name
+ private_dns_zone_name = azurerm_private_dns_zone.test.name
+ virtual_network_id = azurerm_virtual_network.test.id
+}
+
+resource "azurerm_private_endpoint" "test" {
+ name = "test-pe-%d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ subnet_id = azurerm_subnet.test.id
+ private_service_connection {
+ name = "test-mlworkspace-%d"
+ private_connection_resource_id = azurerm_machine_learning_workspace.test.id
+ subresource_names = ["amlworkspace"]
+ is_manual_connection = false
+ }
+ private_dns_zone_group {
+ name = "test"
+ private_dns_zone_ids = [azurerm_private_dns_zone.test.id]
+ }
+}
+
 resource "azurerm_machine_learning_compute_instance" "test" {
 name = "acctest%d"
 location = azurerm_resource_group.test.location
 machine_learning_workspace_id = azurerm_machine_learning_workspace.test.id
 virtual_machine_size = "STANDARD_DS2_V2"
 authorization_type = "personal"
+ node_public_ip_enabled = false
 ssh {
 public_key = var.ssh_key
 }
@@ -196,9 +226,10 @@ resource "azurerm_machine_learning_compute_instance" "test" {
 }
 depends_on = [
 azurerm_subnet_network_security_group_association.test,
+ azurerm_private_endpoint.test
 ]
 }
-`, template, data.RandomIntOfLength(8), data.RandomIntOfLength(8), data.RandomIntOfLength(8))
+`, template, data.RandomIntOfLength(8), data.RandomIntOfLength(8), data.RandomIntOfLength(8), data.RandomIntOfLength(8), data.RandomIntOfLength(8))
 }
 func (r ComputeInstanceResource) requiresImport(data acceptance.TestData) string {
@@ -340,8 +371,6 @@ resource "azurerm_machine_learning_workspace" "test" {
 type = "SystemAssigned"
 }
 }
-`, data.RandomInteger, data.Locations.Primary,
- data.RandomIntOfLength(12), data.RandomIntOfLength(15), data.RandomIntOfLength(16),
- data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger,
- data.RandomInteger, data.RandomInteger)
+`, data.RandomInteger, data.Locations.Primary, data.RandomIntOfLength(12),
+ data.RandomIntOfLength(15), data.RandomIntOfLength(16))
 }
diff --git a/website/docs/r/machine_learning_compute_instance.html.markdown b/website/docs/r/machine_learning_compute_instance.html.markdown
index 2da6223a9631..a7ec149be78b 100644
--- a/website/docs/r/machine_learning_compute_instance.html.markdown
+++ b/website/docs/r/machine_learning_compute_instance.html.markdown
@@ -121,6 +121,8 @@ The following arguments are supported:
 * `subnet_resource_id` - (Optional) Virtual network subnet resource ID the compute nodes belong to. Changing this forces a new Machine Learning Compute Instance to be created.
+* `node_public_ip_enabled` - (Optional) Whether the compute instance will have a public ip. To set this to false a `subnet_resource_id` needs to be set. Defaults to `true`. Changing this forces a new Machine Learning Compute Cluster to be created.
+
 * `tags` - (Optional) A mapping of tags which should be assigned to the Machine Learning Compute Instance. Changing this forces a new Machine Learning Compute Instance to be created.
 ---