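# Huawei Cloud network module: VPC, one subnet per entry in
# var.availability_zones, a security group with SSH/HTTP/HTTPS ingress rules,
# and one or two elastic IPs depending on var.environment.
terraform {
  required_providers {
    huaweicloud = {
      source  = "huaweicloud/huaweicloud"
      version = "~> 1.60"
    }
  }
}

# Source range allowed to reach SSH (TCP/22). The default keeps the rule's
# previous hard-coded value so existing callers see no change, but it leaves
# SSH reachable from any IPv4 address. Callers should override it with an
# administrative or bastion range.
# NOTE(review): move this declaration next to the module's other variables if
# they are kept in a separate file.
variable "ssh_ingress_cidr" {
  description = "CIDR block allowed to connect to TCP/22 on the module security group"
  type        = string
  default     = "0.0.0.0/0"

  validation {
    condition     = can(cidrhost(var.ssh_ingress_cidr, 0))
    error_message = "The ssh_ingress_cidr value must be a valid CIDR block, for example 203.0.113.0/24."
  }
}

# Availability zones visible to the provider; only used by the
# "availability_zones" output below.
data "huaweicloud_availability_zones" "zones" {}

# Ubuntu 22.04 image lookup by display name, newest match wins.
# NOTE(review): the lookup is a floating reference and is not restricted by
# image visibility/owner here, so the resolved image ID can change between
# runs. Consider pinning an image ID or filtering to public images.
data "huaweicloud_images_image" "ubuntu" {
  name        = "Ubuntu 22.04 server 64bit"
  most_recent = true
}

# VPC
resource "huaweicloud_vpc" "main" {
  name = "${var.project_name}-${var.environment}-vpc"
  cidr = var.vpc_cidr

  tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-vpc"
  })
}

# Subnets: one per entry in var.availability_zones, each carved out of the VPC
# CIDR with 8 extra prefix bits, using the first host address as gateway.
# NOTE(review): the AZ name appears only in the subnet name and tags. No
# availability_zone argument is set on the resource; confirm that is intended.
resource "huaweicloud_vpc_subnet" "public" {
  count = length(var.availability_zones)

  name       = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
  cidr       = cidrsubnet(var.vpc_cidr, 8, count.index)
  gateway_ip = cidrhost(cidrsubnet(var.vpc_cidr, 8, count.index), 1)
  vpc_id     = huaweicloud_vpc.main.id

  tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
    Type = "public"
  })
}

# Security group. Only the ingress rules below are managed in this file;
# egress rules are not declared here.
resource "huaweicloud_networking_secgroup" "main" {
  name        = "${var.project_name}-${var.environment}-sg"
  description = "Security group for ${var.project_name} ${var.environment}"

  tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-sg"
  })
}

# Security group rule - SSH. The source range comes from var.ssh_ingress_cidr
# instead of a hard-coded 0.0.0.0/0, so the management port can be restricted
# per environment.
resource "huaweicloud_networking_secgroup_rule" "ssh" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.ssh_ingress_cidr
  security_group_id = huaweicloud_networking_secgroup.main.id
}

# Security group rule - HTTP, open to any IPv4 source.
resource "huaweicloud_networking_secgroup_rule" "http" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 80
  port_range_max    = 80
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = huaweicloud_networking_secgroup.main.id
}

# Security group rule - HTTPS, open to any IPv4 source.
resource "huaweicloud_networking_secgroup_rule" "https" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = huaweicloud_networking_secgroup.main.id
}

# Elastic IPs: two in production, one otherwise. Each has its own dedicated
# (share_type "PER") traffic-billed bandwidth, sized 10 in production and 5
# elsewhere. Nothing in this file associates them with an instance or port.
resource "huaweicloud_vpc_eip" "main" {
  count = var.environment == "production" ? 2 : 1

  publicip {
    type = "5_bgp"
  }

  bandwidth {
    name        = "${var.project_name}-${var.environment}-bandwidth-${count.index}"
    size        = var.environment == "production" ? 10 : 5
    share_type  = "PER"
    charge_mode = "traffic"
  }

  tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-eip-${count.index}"
  })
}

# Outputs
output "vpc_id" {
  description = "VPC ID"
  value       = huaweicloud_vpc.main.id
}

output "subnet_ids" {
  description = "子网 ID 列表"
  value       = huaweicloud_vpc_subnet.public[*].id
}

output "security_group_id" {
  description = "安全组 ID"
  value       = huaweicloud_networking_secgroup.main.id
}

output "availability_zones" {
  description = "可用区列表"
  value       = data.huaweicloud_availability_zones.zones.names
}

output "ubuntu_image_id" {
  description = "Ubuntu 镜像 ID"
  value       = data.huaweicloud_images_image.ubuntu.id
}

output "eip_addresses" {
  description = "弹性IP地址列表"
  value       = huaweicloud_vpc_eip.main[*].address
}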