#!/bin/bash
# Deploy Cloud for Sovereignty Landing Zone
# Uses Well-Architected Framework principles
# Deploys across all non-US commercial Azure regions

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
TERRAFORM_DIR="$PROJECT_ROOT/infra/terraform"

echo "╔══════════════════════════════════════════════════════════════╗"
echo "║   CLOUD FOR SOVEREIGNTY LANDING ZONE DEPLOYMENT             ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""

# Load environment
source "$SCRIPT_DIR/azure-load-env.sh"

# Get management group ID from .env or use default
MANAGEMENT_GROUP_ID="${AZURE_MANAGEMENT_GROUP_ID:-SOVEREIGN-ORDER-OF-HOSPITALLERS}"
ENVIRONMENT="${TF_VAR_environment:-dev}"

echo "Configuration:"
echo "  Management Group: $MANAGEMENT_GROUP_ID"
echo "  Environment: $ENVIRONMENT"
echo "  Subscription: ${ARM_SUBSCRIPTION_ID:0:8}..."
echo ""

# Confirm deployment
read -p "Deploy landing zone to all non-US commercial regions? (yes/no): " -r
if [[ ! $REPLY =~ ^[Yy][Ee][Ss]$ ]]; then
  echo "Deployment cancelled."
  exit 0
fi

cd "$TERRAFORM_DIR"

# Step 1: Deploy Management Group Hierarchy
echo ""
echo "Step 1: Deploying Management Group Hierarchy..."
cd management-groups
terraform init
terraform plan -var="management_group_id=$MANAGEMENT_GROUP_ID" -out=tfplan
read -p "Apply management group changes? (yes/no): " -r
if [[ $REPLY =~ ^[Yy][Ee][Ss]$ ]]; then
  terraform apply tfplan
fi
cd ..

# Step 2: Deploy Policies
echo ""
echo "Step 2: Deploying Sovereignty Policies..."
cd policies
terraform init
terraform plan -var="management_group_id=$MANAGEMENT_GROUP_ID" -out=tfplan
read -p "Apply policy changes? (yes/no): " -r
if [[ $REPLY =~ ^[Yy][Ee][Ss]$ ]]; then
  terraform apply tfplan
fi
cd ..

# Step 3: Deploy Multi-Region Landing Zones
echo ""
echo "Step 3: Deploying Multi-Region Landing Zones..."
cd multi-region
terraform init
terraform plan \
  -var="environment=$ENVIRONMENT" \
  -var="management_group_id=$MANAGEMENT_GROUP_ID" \
  -var="deploy_all_regions=true" \
  -out=tfplan

echo ""
echo "This will deploy landing zones to:"
echo "  • West Europe (Netherlands) - Primary"
echo "  • North Europe (Ireland) - Secondary"
echo "  • UK South (London)"
echo "  • Switzerland North (Zurich)"
echo "  • Norway East (Oslo)"
echo "  • France Central (Paris)"
echo "  • Germany West Central (Frankfurt)"
echo ""

read -p "Apply multi-region deployment? (yes/no): " -r
if [[ $REPLY =~ ^[Yy][Ee][Ss]$ ]]; then
  terraform apply tfplan
  
  echo ""
  echo "✅ Multi-region landing zone deployment complete!"
  echo ""
  echo "Deployment outputs:"
  terraform output
fi

cd "$PROJECT_ROOT"

echo ""
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║   DEPLOYMENT COMPLETE                                        ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
echo "Next steps:"
echo "  1. Review deployed resources in Azure Portal"
echo "  2. Configure application workloads"
echo "  3. Set up monitoring and alerting"
echo "  4. Review compliance status in Azure Policy"
echo ""