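# Identity Terraform is running as; only subscription_id is read, to seed the
# generated storage account name below.
data "azurerm_client_config" "current" {}

locals {
  # Explicit name with surrounding whitespace removed, or "" when var.name is
  # null. try() absorbs the error trimspace() raises on null, so the check does
  # not depend on `&&` short-circuiting, which older Terraform releases do not do.
  requested_name = try(trimspace(var.name), "")

  # coalesce() skips null AND "" and raises an error when nothing is left, so
  # coalesce(var.base_name, "") can never return the "" it was given as a
  # fallback. Normalise null to "" explicitly instead.
  base_name = var.base_name == null ? "" : var.base_name

  # Deterministic 6-hex-character suffix derived from subscription, resource
  # group and base name. md5 is only a naming aid here, not a security control.
  # The hashed string is unchanged for any non-empty base_name, so existing
  # accounts keep their names (a rename would force replacement).
  # NOTE(review): 24 bits of suffix do not guarantee the global uniqueness that
  # storage account names require, and nothing here enforces the 3-24
  # lowercase-alphanumeric rule - consider variable validation on name/base_name.
  name_suffix = substr(md5("${data.azurerm_client_config.current.subscription_id}/${var.rg_name}/${local.base_name}"), 0, 6)

  # A non-blank var.name wins and is used as given (untrimmed); otherwise the
  # name is base_name followed by the suffix.
  storage_account_name = (
    local.requested_name != ""
    ? var.name
    : "${local.base_name}${local.name_suffix}"
  )
}

# Azure Storage Account
#
# Fixed hardening: StorageV2, HTTPS only, TLS 1.2 minimum, Shared Key
# authorization disabled. Anonymous-access and public-network exposure are
# caller-controlled through variables whose defaults are not visible here.
resource "azurerm_storage_account" "this" {
  name                     = local.storage_account_name
  resource_group_name      = var.rg_name
  location                 = var.location
  account_tier             = var.account_tier
  account_replication_type = var.account_replication_type
  account_kind             = "StorageV2"

  # Shared Key (account key) authorization is off, so data-plane requests must
  # be authorized through Microsoft Entra ID role assignments.
  # NOTE(review): the azurerm provider needs `storage_use_azuread = true` for
  # any data-plane calls it makes against this account - confirm provider config.
  shared_access_key_enabled = false

  # Account-level switch for anonymous access. While it is false, containers
  # cannot be made anonymously readable whatever their own access type says.
  # NOTE(review): confirm the variable defaults to false.
  allow_nested_items_to_be_public = var.allow_nested_items_to_be_public

  https_traffic_only_enabled = true

  # No network_rules block is set on this resource. If this is true and no
  # rules are attached elsewhere, the endpoints are presumably reachable from
  # any network and protected by authorization alone - confirm against callers.
  public_network_access_enabled = var.public_network_access_enabled

  min_tls_version = "TLS1_2"

  blob_properties {
    versioning_enabled  = var.enable_blob_versioning
    change_feed_enabled = var.enable_blob_change_feed

    # Each optional policy is rendered once when its flag is true, else omitted.
    dynamic "delete_retention_policy" {
      for_each = var.enable_blob_soft_delete ? [1] : []
      content {
        days = var.blob_soft_delete_retention_days
      }
    }

    dynamic "container_delete_retention_policy" {
      for_each = var.enable_container_soft_delete ? [1] : []
      content {
        days = var.container_soft_delete_retention_days
      }
    }

    # NOTE(review): per the azurerm provider documentation, restore_policy
    # requires versioning, change feed and delete_retention_policy to be
    # enabled, with `days` lower than the blob soft-delete retention. Nothing
    # in this block enforces that combination.
    dynamic "restore_policy" {
      for_each = var.enable_point_in_time_restore_for_containers ? [1] : []
      content {
        days = var.point_in_time_restore_days
      }
    }
  }

  tags = var.tags
}

# Azure Storage Container
#
# One container per entry in var.containers, keyed by container name, so two
# entries sharing a name fail the plan with a duplicate-key error.
resource "azurerm_storage_container" "containers" {
  for_each = {
    for container in values(var.containers) : container.name => container
  }

  name               = each.value.name
  storage_account_id = azurerm_storage_account.this.id

  # Passed through unchecked from the caller. "blob" and "container" request
  # anonymous read access and only take effect when the account allows nested
  # public items; "private" is the safe value.
  # NOTE(review): consider validating or defaulting this to "private".
  container_access_type = each.value.container_access_type
}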