# Variables for Phase 1 Deployment
#
# Input variables for the admin-region (West Europe) deployment.
# Review note: the four allowed_*_ips lists default to [], which their own
# descriptions define as "allow from anywhere", and environment defaults to
# "prod". A run that overrides nothing therefore gets the open behaviour in
# production. Supply explicit CIDRs per environment.

# Deployment environment. The validation block rejects any value outside the
# four listed names, so a typo fails at plan time.
variable "environment" {
  description = "Environment (prod, dev, test, staging)"
  type        = string
  default     = "prod"

  validation {
    condition     = contains(["prod", "dev", "test", "staging"], var.environment)
    error_message = "Environment must be one of: prod, dev, test, staging"
  }
}

# Azure region for the admin resources.
variable "location" {
  description = "Azure region for admin resources (West Europe)"
  type        = string
  default     = "westeurope"
}

# Empty string means "derive the name"; the naming logic is not in this file.
variable "resource_group_name" {
  description = "Name of the admin resource group (West Europe). If empty, will use default naming."
  type        = string
  default     = ""
}

# Empty string means "derive the name"; the naming logic is not in this file.
variable "key_vault_name" {
  description = "Name of the Key Vault (West Europe). If empty, will use default naming."
  type        = string
  default     = ""
}

# The default is a fixed, guessable account name.
# NOTE(review): confirm the VM module disables password authentication so that
# access depends on ssh_public_key alone.
variable "vm_admin_username" {
  description = "Admin username for VMs"
  type        = string
  default     = "besuadmin"
}

# No default, so every caller must supply a key. sensitive = true only redacts
# the value from plan/apply output; Terraform still writes it to state.
variable "ssh_public_key" {
  description = "SSH public key for VM access"
  type        = string
  sensitive   = true
}

# Switches to the multi-resource-group layout. The two *_resource_group_name
# variables below are described as belonging to that layout.
variable "use_well_architected" {
  description = "Use Well-Architected Framework structure (multi-resource-group)"
  type        = bool
  default     = false
}

variable "network_resource_group_name" {
  description = "Name of the network resource group (Well-Architected Framework)"
  type        = string
  default     = ""
}

variable "security_resource_group_name" {
  description = "Name of the security resource group (Well-Architected Framework)"
  type        = string
  default     = ""
}

# The default Environment tag is the literal "production" and does not follow
# var.environment. Override tags for dev/test/staging so that tag-based
# inventory and policy do not treat those resources as production.
variable "tags" {
  description = "Tags to apply to all resources"
  type        = map(string)
  default = {
    Environment = "production"
    Project     = "DeFi Oracle Meta Mainnet"
    ChainID     = "138"
    ManagedBy   = "Terraform"
    CostCenter  = "Blockchain"
    Owner       = "DevOps Team"
  }
}

# Network allow-lists. An empty list is the open setting according to each
# description. The rules that consume these lists live outside this file.

# SSH is the management path to the VMs, so give this an explicit admin or
# bastion range in every environment.
variable "allowed_ssh_ips" {
  description = "List of IP addresses/CIDR blocks allowed for SSH access. If empty, allows from anywhere (not recommended for production)."
  type        = list(string)
  default     = []
}

# Per the description, RPC is expected to be reachable only from the proxy
# subnet or tunnel addresses.
variable "allowed_rpc_ips" {
  description = "List of IP addresses/CIDR blocks allowed for RPC access (Nginx proxy subnet or Cloudflare Tunnel IPs). If empty, allows from anywhere (not recommended for production)."
  type        = list(string)
  default     = []
}

variable "allowed_p2p_ips" {
  description = "List of IP addresses/CIDR blocks allowed for P2P access. If empty, allows from anywhere (not recommended for production)."
  type        = list(string)
  default     = []
}

# Metrics endpoints can reveal node and host details, so restrict this list to
# the monitoring source range.
variable "allowed_metrics_ips" {
  description = "List of IP addresses/CIDR blocks allowed for metrics access. If empty, allows from anywhere (not recommended for production)."
  type        = list(string)
  default     = []
}

# Key Vault network ACL entries. The descriptions make these mandatory for
# prod with default_action 'Deny', but no validation in this file enforces it.
# NOTE(review): confirm the Key Vault module fails closed, and does not fall
# back to 'Allow', when both lists are empty.
variable "key_vault_allowed_ips" {
  description = "List of IP addresses allowed to access Key Vault (for network ACLs). Required if environment is 'prod' and Key Vault default_action is 'Deny'."
  type        = list(string)
  default     = []
}

variable "key_vault_allowed_subnets" {
  description = "List of subnet IDs allowed to access Key Vault (for network ACLs). Required if environment is 'prod' and Key Vault default_action is 'Deny'."
  type        = list(string)
  default     = []
}