# Multi-Region Landing Zone Deployment
# Deploys landing zones across all non-US commercial Azure regions
# Uses the regional-landing-zone module

variable "environment" {
  description = "Environment name (dev, stage, prod)"
  type        = string
  default     = "dev"
}

variable "management_group_id" {
  description = "Root management group ID"
  type        = string
  default     = "SOVEREIGN-ORDER-OF-HOSPITALLERS"
}

variable "deploy_all_regions" {
  description = "Deploy to all supported regions"
  type        = bool
  default     = true
}

variable "regions_to_deploy" {
  description = "Specific regions to deploy (if deploy_all_regions is false)"
  type        = list(string)
  default     = []
}

# Supported non-US commercial regions
locals {
  supported_regions = [
    "westeurope",         # Netherlands - Primary
    "northeurope",        # Ireland - Secondary
    "uksouth",            # London - UK workloads
    "switzerlandnorth",   # Zurich - Swiss workloads
    "norwayeast",         # Oslo - Nordic workloads
    "francecentral",      # Paris - French workloads
    "germanywestcentral"  # Frankfurt - German workloads
  ]

  regions = var.deploy_all_regions ? local.supported_regions : var.regions_to_deploy

  # Hub VNet address spaces per region
  hub_address_spaces = {
    westeurope         = "10.0.0.0/16"
    northeurope        = "10.10.0.0/16"
    uksouth            = "10.20.0.0/16"
    switzerlandnorth   = "10.30.0.0/16"
    norwayeast         = "10.40.0.0/16"
    francecentral      = "10.50.0.0/16"
    germanywestcentral = "10.60.0.0/16"
  }

  # Spoke VNet address spaces per region
  spoke_address_spaces = {
    westeurope         = "10.1.0.0/16"
    northeurope        = "10.11.0.0/16"
    uksouth            = "10.21.0.0/16"
    switzerlandnorth   = "10.31.0.0/16"
    norwayeast         = "10.41.0.0/16"
    francecentral      = "10.51.0.0/16"
    germanywestcentral = "10.61.0.0/16"
  }

  common_tags = {
    Environment      = var.environment
    Project          = "the-order"
    ManagedBy        = "terraform"
    SovereigntyLevel = "high"
    DataClassification = "confidential"
    Compliance       = "gdpr,eidas"
  }
}

# Deploy regional landing zones
module "regional_landing_zones" {
  source = "../modules/regional-landing-zone"

  for_each = toset(local.regions)

  region             = each.value
  environment        = var.environment
  management_group_id = var.management_group_id
  hub_vnet_address_space = local.hub_address_spaces[each.value]
  spoke_vnet_address_space = local.spoke_address_spaces[each.value]
  tags              = merge(local.common_tags, {
    Region = each.value
  })
}

# Outputs
output "deployed_regions" {
  description = "List of deployed regions"
  value       = local.regions
}

output "regional_resource_groups" {
  description = "Resource group names per region"
  value = {
    for region, module in module.regional_landing_zones :
    region => module.resource_group_name
  }
}

output "regional_key_vaults" {
  description = "Key Vault IDs per region"
  value = {
    for region, module in module.regional_landing_zones :
    region => module.key_vault_id
  }
}

output "regional_storage_accounts" {
  description = "Storage account names per region"
  value = {
    for region, module in module.regional_landing_zones :
    region => module.storage_account_name
  }
}