# Version constraints for this module.
#   "~> 0.12.21" allows Terraform >= 0.12.21 and < 0.13.0.
#   "~> 1.44"    allows azurerm   >= 1.44    and < 2.0.
# NOTE(review): both constraints keep the module on old release lines;
# confirm these still receive the provider/core fixes you depend on.
terraform {
  required_version = "~> 0.12.21"

  required_providers {
    azurerm = "~> 1.44"
  }
}

# NSGs referenced by any subnet in var.vnets, de-duplicated on the
# (name, resource_group_name) pair. When a subnet's nsg object carries no
# resource_group_name, the owning vnet's resource group is used instead.
#
# NOTE(review): subnet.nsg.name is read here without try(), so evaluation
# presumably fails for a subnet that declares no nsg. The subnet block in
# azurerm_virtual_network.azvnet wraps its lookup in try(); confirm which
# of the two behaviours (NSG mandatory vs. optional) is intended.
locals {
  nsgs = distinct(flatten([
    for vn in var.vnets : [
      for sn_key, sn in vn.subnets : {
        name                = sn.nsg.name
        resource_group_name = try(sn.nsg.resource_group_name, vn.resource_group_name)
      }
    ]
  ]))
}

# Looks up each pre-existing NSG so its id can be attached to a subnet.
#
# The for_each map is keyed by NSG name only, while local.nsgs is distinct on
# name + resource group: two NSGs that share a name in different resource
# groups produce a duplicate-key error in this for expression.
#
# With depends_on set on a data source, Terraform 0.12 defers the read to
# apply time, so the NSG id is "known after apply" in the plan and cannot be
# checked there; verify the attached NSG after apply.
data "azurerm_network_security_group" "nsg" {
  for_each = { for entry in local.nsgs : entry.name => entry }

  name                = each.value.name
  resource_group_name = each.value.resource_group_name

  depends_on = [var.azvnet_depends_on]
}

# One virtual network per element of var.vnets, with its subnets declared
# inline.
resource "azurerm_virtual_network" "azvnet" {
  count = length(var.vnets)

  name                = var.vnets[count.index].name
  location            = var.vnets[count.index].location
  resource_group_name = var.vnets[count.index].resource_group_name
  address_space       = var.vnets[count.index].address_space
  dns_servers         = var.vnets[count.index].dns_servers
  tags                = var.vnets[count.index].tags

  dynamic "subnet" {
    for_each = var.vnets[count.index].subnets

    content {
      name           = subnet.key
      address_prefix = subnet.value.address_prefix

      # try() yields null whenever the NSG lookup expression cannot be
      # evaluated, which creates the subnet with no NSG attached instead of
      # failing the plan.
      # NOTE(review): this fails open. If every subnet is meant to be
      # filtered, the lookup should not be wrapped in try().
      security_group = try(data.azurerm_network_security_group.nsg[subnet.value.nsg.name].id, null)
    }
  }

  # DDoS protection plan association is disabled. The commented block refers
  # to azurerm_ddos_protection_plan.example, which is not defined in the
  # visible source.
  /*
  ddos_protection_plan {
    id     = azurerm_ddos_protection_plan.example.id
    enable = true
  }
  */

  depends_on = [var.azvnet_depends_on]
}