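# Network stack for OCI: one VCN, one subnet, one internet gateway and one
# default route table / security list per entry in var.vcn.  Every resource
# is keyed by the same map key so the pieces of one VCN can be cross-referenced
# with oci_core_vcn.list[each.key].
#
# Expected shape of var.vcn (inferred from the attribute accesses below; verify
# against the variable declaration, which is not in this file):
#   map(object({
#     cidr_block     = string
#     firewall_rules = list(object({ description, cidr, is_udp, port_min, port_max }))
#   }))

# One VCN per map entry.  The map key is reused as the display-name suffix and
# as the dns_label.
# NOTE(review): OCI restricts dns_label to a short alphanumeric string — confirm
# the keys of var.vcn satisfy that constraint.
resource "oci_core_vcn" "list" {
  for_each       = var.vcn
  compartment_id = var.compartment_ocid
  display_name   = "VCN ${each.key}"
  cidr_blocks    = [each.value.cidr_block]
  dns_label      = each.key
}

# A single subnet that spans the whole VCN CIDR (same cidr_block as the VCN),
# so no further subnets can be carved out of this VCN without changing the
# input.  prohibit_public_ip_on_vnic is not set, so VNICs in this subnet may
# receive public IPs.
resource "oci_core_subnet" "list" {
  for_each       = var.vcn
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.list[each.key].id
  cidr_block     = each.value.cidr_block
  display_name   = "Subnet ${each.key}"
  dns_label      = each.key
}

# Internet gateway attached to each VCN; used as the default route target below.
resource "oci_core_internet_gateway" "list" {
  for_each       = var.vcn
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.list[each.key].id
}

# Takes over the VCN's default route table and sends all non-local traffic to
# the internet gateway.  Combined with the subnet above this makes the subnet a
# public subnet.
resource "oci_core_default_route_table" "list" {
  for_each                   = var.vcn
  manage_default_resource_id = oci_core_vcn.list[each.key].default_route_table_id
  compartment_id             = var.compartment_ocid

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.list[each.key].id
  }
}

# Takes over the VCN's default security list.  All rules are stateful
# (stateless = false), so return traffic for allowed flows is permitted
# automatically.  Protocol numbers are IANA: "1" = ICMP, "6" = TCP, "17" = UDP.
resource "oci_core_default_security_list" "list" {
  for_each                   = var.vcn
  manage_default_resource_id = oci_core_vcn.list[each.key].default_security_list_id
  compartment_id             = var.compartment_ocid

  # Unrestricted egress.
  egress_security_rules {
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    protocol         = "all"
    stateless        = false
  }

  # ICMP type 3 (destination unreachable), all codes, from a fixed /24.
  # NOTE(review): this CIDR is hard-coded for every VCN in var.vcn rather than
  # derived from each.value.cidr_block — confirm it is intended for all of them.
  ingress_security_rules {
    protocol    = "1" # ICMP
    source      = "172.16.2.0/24"
    source_type = "CIDR_BLOCK"
    stateless   = false

    icmp_options {
      code = -1
      type = 3
    }
  }

  # ICMP type 3 code 4 (fragmentation needed) from anywhere, so path-MTU
  # discovery keeps working for internet-facing hosts.
  ingress_security_rules {
    protocol    = "1" # ICMP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    icmp_options {
      code = 4
      type = 3
    }
  }

  # SSH from any source.  Because this is the VCN's default security list it
  # applies to every subnet that does not override it; restricting the source
  # to an administrative CIDR would shrink the exposed surface.
  ingress_security_rules {
    description = "SSH"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    tcp_options {
      max = 22
      min = 22
    }
  }

  # HTTPS from any source.
  ingress_security_rules {
    description = "HTTPS"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    tcp_options {
      max = 443
      min = 443
    }
  }

  # Plain HTTP from any source.  The description previously read "HTTPS",
  # which mislabelled this port-80 rule in the console.
  ingress_security_rules {
    description = "HTTP"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    tcp_options {
      max = 80
      min = 80
    }
  }

  # Per-VCN extra rules supplied through var.vcn[*].firewall_rules.  Each entry
  # becomes one stateful TCP or UDP ingress rule; exactly one of tcp_options /
  # udp_options is emitted depending on is_udp (the [1] / [] trick makes the
  # inner dynamic block render once or not at all).
  dynamic "ingress_security_rules" {
    for_each = each.value.firewall_rules

    content {
      description = ingress_security_rules.value.description
      protocol    = ingress_security_rules.value.is_udp ? "17" : "6"
      source      = ingress_security_rules.value.cidr
      source_type = "CIDR_BLOCK"
      stateless   = false # explicit, matching the static rules above (provider default is also stateful)

      dynamic "tcp_options" {
        for_each = ingress_security_rules.value.is_udp ? [] : [1]

        content {
          max = ingress_security_rules.value.port_max
          min = ingress_security_rules.value.port_min
        }
      }

      dynamic "udp_options" {
        for_each = ingress_security_rules.value.is_udp ? [1] : []

        content {
          max = ingress_security_rules.value.port_max
          min = ingress_security_rules.value.port_min
        }
      }
    }
  }
}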