data "azurerm_client_config" "current" {}

locals {
  backup_vault_name = (
    var.name != null &&
    trimspace(var.name) != "" ?
    var.name :
    "${coalesce(var.base_name, "")}${substr(md5("${data.azurerm_client_config.current.subscription_id}/${var.rg_name}/${coalesce(var.base_name, "")}"), 0, 6)}"
  )

  blob_storage_accounts = var.protected_blob_storage_accounts
  blob_backup_enabled   = length(local.blob_storage_accounts) > 0

  default_backup_policies = {
    default = {
      name                                   = "${local.backup_vault_name}-blob-policy"
      backup_repeating_time_intervals        = ["R/2026-01-01T01:00:00+00:00/P1D"]
      operational_default_retention_duration = "P30D"
      vault_default_retention_duration       = "P30D"
    }
  }

  blob_backup_policies = length(var.blob_backup_policies) > 0 ? {
    for key, policy in var.blob_backup_policies : key => {
      name                                   = coalesce(try(policy.name, null), "${local.backup_vault_name}-${key}-blob-policy")
      backup_repeating_time_intervals        = coalesce(try(policy.backup_repeating_time_intervals, null), local.default_backup_policies.default.backup_repeating_time_intervals)
      operational_default_retention_duration = coalesce(try(policy.operational_default_retention_duration, null), local.default_backup_policies.default.operational_default_retention_duration)
      vault_default_retention_duration       = coalesce(try(policy.vault_default_retention_duration, null), local.default_backup_policies.default.vault_default_retention_duration)
    }
  } : local.default_backup_policies

  default_backup_policy_key = contains(keys(local.blob_backup_policies), "default") ? "default" : sort(keys(local.blob_backup_policies))[0]
}

resource "azurerm_data_protection_backup_vault" "this" {
  name                = local.backup_vault_name
  resource_group_name = var.rg_name
  location            = var.location
  datastore_type      = var.datastore_type
  redundancy          = var.redundancy

  cross_region_restore_enabled = var.cross_region_restore_enabled
  retention_duration_in_days   = var.retention_duration_in_days
  immutability                 = var.immutability
  soft_delete                  = var.soft_delete

  dynamic "identity" {
    for_each = var.identity == null ? [] : [var.identity]

    content {
      type         = identity.value.type
      identity_ids = try(identity.value.identity_ids, null)
    }
  }

  tags = var.tags
}

resource "azurerm_data_protection_backup_policy_blob_storage" "this" {
  for_each = local.blob_backup_enabled ? local.blob_backup_policies : {}

  name     = each.value.name
  vault_id = azurerm_data_protection_backup_vault.this.id

  backup_repeating_time_intervals        = each.value.backup_repeating_time_intervals
  operational_default_retention_duration = each.value.operational_default_retention_duration
  vault_default_retention_duration       = each.value.vault_default_retention_duration
}

resource "azurerm_data_protection_backup_instance_blob_storage" "this" {
  for_each = local.blob_storage_accounts

  name               = coalesce(try(each.value.backup_instance_name, null), "${local.backup_vault_name}-${each.key}-blob-instance")
  vault_id           = azurerm_data_protection_backup_vault.this.id
  location           = coalesce(try(each.value.backup_instance_location, null), var.location)
  storage_account_id = each.value.id
  backup_policy_id   = azurerm_data_protection_backup_policy_blob_storage.this[coalesce(try(each.value.backup_policy_key, null), local.default_backup_policy_key)].id

  storage_account_container_names = try(each.value.container_names, null)
}