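# Azure CDN Infrastructure for Credential Seal Images
# Creates storage account, container, and CDN profile/endpoint
#
# Exposure summary (from the settings below): blobs in the "images" container
# are anonymously readable, both directly from the storage account and through
# the CDN endpoint. Anything uploaded to that container is public.

# Storage Account for CDN Images
resource "azurerm_storage_account" "cdn_images" {
  name                     = local.sa_cdn_name
  resource_group_name      = azurerm_resource_group.main.name
  location                 = var.azure_region
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"

  # Account-level switch that permits containers to opt in to anonymous read.
  # Required here because the "images" container below uses access type "blob".
  # NOTE(review): newer azurerm provider releases rename this argument to
  # allow_nested_items_to_be_public; confirm against the pinned provider version.
  allow_blob_public_access = true

  # Enable blob versioning for image protection
  blob_properties {
    versioning_enabled = true

    # Soft-delete window: 90 days in prod, 30 days everywhere else.
    delete_retention_policy {
      days = var.environment == "prod" ? 90 : 30
    }

    # Read-only CORS for any origin. Methods are limited to GET/HEAD/OPTIONS,
    # so this widens who may *read* already-public images, not who may write.
    # NOTE(review): allowed_headers/exposed_headers = "*" is broader than image
    # delivery usually needs; narrow if the consuming sites are known.
    cors_rule {
      allowed_origins    = ["*"]
      allowed_methods    = ["GET", "HEAD", "OPTIONS"]
      allowed_headers    = ["*"]
      exposed_headers    = ["*"]
      max_age_in_seconds = 3600
    }
  }

  tags = merge(var.tags, {
    Purpose = "CDNImages"
  })
}

# Storage Container for Images
resource "azurerm_storage_container" "cdn_images" {
  name                 = "images"
  storage_account_name = azurerm_storage_account.cdn_images.name

  # "blob" = anonymous read of individual blobs by URL; container listing
  # stays authenticated. Do not store non-public material in this container.
  container_access_type = "blob"
}

# CDN Profile
resource "azurerm_cdn_profile" "cdn_images" {
  name                = var.cdn_profile_name != "" ? var.cdn_profile_name : "theorder-cdn-${var.environment}"
  location            = var.azure_region
  resource_group_name = azurerm_resource_group.main.name
  sku                 = "Standard_Microsoft"

  tags = merge(var.tags, {
    Purpose = "CDNProfile"
  })
}

# CDN Endpoint
resource "azurerm_cdn_endpoint" "cdn_images" {
  name                = var.cdn_endpoint_name != "" ? var.cdn_endpoint_name : "theorder-cdn-endpoint-${var.environment}"
  profile_name        = azurerm_cdn_profile.cdn_images.name
  location            = var.azure_region
  resource_group_name = azurerm_resource_group.main.name

  # Serve seal images over HTTPS only. The provider default also allows plain
  # HTTP, which would let an on-path party swap the image in transit. Both
  # URL outputs below already advertise https:// only.
  is_http_allowed  = false
  is_https_allowed = true

  # Blob storage routes requests by Host header. Without this the CDN forwards
  # its own hostname to the origin and the storage service rejects the request.
  origin_host_header = azurerm_storage_account.cdn_images.primary_blob_host

  origin {
    name      = "blob-origin"
    host_name = azurerm_storage_account.cdn_images.primary_blob_host
  }

  # Enable compression
  is_compression_enabled = true
  # NOTE(review): verify this argument against the provider schema; the
  # documented argument for choosing what gets compressed is
  # content_types_to_compress (a list of MIME types).
  compression_types = ["gzip", "deflate"]

  # Global delivery rule for cache
  # "Override" ignores origin cache headers, so a replaced or withdrawn seal
  # image can keep being served from the edge for up to one day unless the
  # endpoint is purged.
  global_delivery_rule {
    cache_expiration_action {
      behavior = "Override"
      duration = "1.00:00:00" # 1 day
    }
  }

  tags = merge(var.tags, {
    Purpose = "CDNEndpoint"
  })
}

# Outputs
output "cdn_storage_account_name" {
  description = "CDN storage account name"
  value       = azurerm_storage_account.cdn_images.name
}

# The primary access key grants full control of the whole storage account.
# sensitive = true only redacts it from CLI output; the value is still written
# to Terraform state, so state storage must be access-controlled and encrypted.
# NOTE(review): if consumers only upload images, a scoped SAS or an RBAC role
# assignment would avoid handing out the account key; confirm with callers.
output "cdn_storage_account_key" {
  description = "CDN storage account primary key"
  value       = azurerm_storage_account.cdn_images.primary_access_key
  sensitive   = true
}

output "cdn_container_name" {
  description = "CDN container name"
  value       = azurerm_storage_container.cdn_images.name
}

# Direct-to-origin URL; bypasses the CDN and its cache rule.
output "cdn_blob_url" {
  description = "CDN blob storage URL"
  value       = "https://${azurerm_storage_account.cdn_images.name}.blob.core.windows.net/${azurerm_storage_container.cdn_images.name}/"
}

output "cdn_endpoint_url" {
  description = "CDN endpoint URL"
  value       = "https://${azurerm_cdn_endpoint.cdn_images.host_name}/${azurerm_storage_container.cdn_images.name}/"
}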