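# Still need:
# write to DB

# Short random suffix used to keep generated project IDs unique.
resource "random_id" "id" {
  byte_length = 2
}

locals {
  # Project-ID prefix: whitespace -> "-", lowercased, capped at 25 characters so
  # that "<prefix>-<4 hex chars>" stays within the 30-character project ID limit.
  # NOTE(review): characters that are invalid in a project ID but are not
  # whitespace (e.g. "_" or ".") are not sanitised here and fail at apply time.
  project_name_string = substr(lower(replace(var.project_name, "/\\s/", "-")), 0, 25)

  # Sink filter: Admin Activity audit logs of the new project only. "%2F" is the
  # URL-encoded "/" that a logName value requires.
  filter_string = "logName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""

  # Address plan, one slice per region selected by the region's position in
  # var.vpc_regions:
  #   primary subnets : 10.255.0.0/16   split into /20s (indexes 0-15)
  #   GKE pods        : 10.255.128.0/17 split into /20s (indexes 0-7)
  #   GKE services    : 10.255.224.0/19 split into /22s (indexes 0-7)
  # NOTE(review): the pools are nested rather than disjoint (pods occupies the
  # upper half of the primary pool, services sits inside pods). The per-region
  # slices stay non-overlapping only while len(var.vpc_regions) <= 6: with 7 or
  # 8 regions pods[6]/pods[7] collide with the services slices, and with 9 or
  # more regions cidrsubnet() errors for the pods/services pools. Not changed
  # here because new CIDRs would recreate subnets in existing deployments.
  default_cidr    = "10.255.0.0/16"
  default_subnets = { for x in var.vpc_regions : x => cidrsubnet(local.default_cidr, 4, index(var.vpc_regions, x)) }

  pods_cidr  = "10.255.128.0/17"
  pods_range = { for x in var.vpc_regions : x => cidrsubnet(local.pods_cidr, 3, index(var.vpc_regions, x)) }

  services_cidr  = "10.255.224.0/19"
  services_range = { for x in var.vpc_regions : x => cidrsubnet(local.services_cidr, 3, index(var.vpc_regions, x)) }
}

# Project that owns the Pub/Sub topic the log sink publishes to. The default is
# the value that was previously hard-coded, so existing deployments are
# unaffected; override it when the topic lives elsewhere.
variable "log_export_topic_project" {
  type        = string
  description = "Project ID that owns the Pub/Sub topic referenced by var.log_export_destination."
  default     = "vci-mcloud-service"
}

resource "google_project" "gcp_project" {
  name = var.project_name
  # Caller-supplied ID wins; otherwise "<sanitised name>-<random hex>".
  project_id      = var.project_id == "" ? "${local.project_name_string}-${random_id.id.hex}" : var.project_id
  folder_id       = var.folder_id
  billing_account = var.billing_id
  # No auto-created "default" network (and its permissive default firewall
  # rules); the VPC below is created explicitly instead.
  auto_create_network = false

  labels = {
    "shortcode" = var.shortcode
  }
}

# Project-level access for the owning group.
# NOTE(review): roles/editor is a basic role spanning nearly every service;
# consider narrowing this to the predefined roles the group actually needs.
resource "google_project_iam_member" "project_iam" {
  project = google_project.gcp_project.project_id
  role    = "roles/editor"
  member  = "group:${var.mcomm_group_email}"
}

resource "google_project_service" "compute_api" {
  project = google_project.gcp_project.project_id
  service = "compute.googleapis.com"
}

resource "google_project_service" "pubsub_api" {
  project = google_project.gcp_project.project_id
  service = "pubsub.googleapis.com"
}

# Export the project's Admin Activity audit logs to the central Pub/Sub topic.
resource "google_logging_project_sink" "log_export" {
  project     = google_project.gcp_project.project_id
  name        = "${google_project.gcp_project.project_id}-log-export"
  destination = var.log_export_destination
  # filter = "projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity" # Need this
  filter = local.filter_string
  # A service account dedicated to this sink, so the topic grant below applies
  # to this sink alone rather than to the project-wide Logging identity.
  unique_writer_identity = true
}

# Give the sink's unique writer identity permission to publish to the topic.
resource "google_pubsub_topic_iam_member" "publisher" {
  project = var.log_export_topic_project
  topic   = var.log_export_destination
  role    = "roles/pubsub.publisher"
  member  = google_logging_project_sink.log_export.writer_identity
}

resource "google_compute_network" "default_vpc" {
  project                 = google_project.gcp_project.project_id
  name                    = "${var.vpc_prefix}-default-vpc"
  routing_mode            = "GLOBAL"
  auto_create_subnetworks = false

  # The Compute API is enabled by this module on a brand-new project; without
  # the explicit dependency the network may be created before the API is on.
  depends_on = [google_project_service.compute_api]
}

# One primary subnet per region, plus GKE pod/service secondary ranges when
# var.gke_vpc_ranges is set.
# NOTE(review): no log_config block, so VPC Flow Logs are off for these subnets.
resource "google_compute_subnetwork" "default_subnet" {
  for_each      = local.default_subnets
  project       = google_project.gcp_project.project_id
  name          = "default-${each.key}"
  region        = each.key
  ip_cidr_range = each.value
  network       = google_compute_network.default_vpc.self_link

  secondary_ip_range = var.gke_vpc_ranges ? [
    { range_name = "${each.key}-pods", ip_cidr_range = local.pods_range[each.key] },
    { range_name = "${each.key}-services", ip_cidr_range = local.services_range[each.key] },
  ] : []
}

# Optional VPN module; only instantiated when var.vpn is true.
module "vpn" {
  source = "./modules/terraform-google-gcp-at-um-vpn"
  count  = var.vpn == true ? 1 : 0

  project_id      = google_project.gcp_project.project_id
  regions         = var.vpc_regions
  vpc_prefix      = var.vpc_prefix
  network_size    = var.vpn_network_size
  bgp_network     = var.vpn_bgp_network
  cloud_asn       = var.vpn_cloud_asn
  um_vpn_endpoint = var.um_vpn_endpoint
}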