# Virtual network. Subnets, DNS servers, NSG associations and route-table
# associations are managed by the separate resources below.
resource "azurerm_virtual_network" "vnet" {
  address_space       = var.address_space
  location            = var.vnet_location
  name                = var.vnet_name
  resource_group_name = var.resource_group_name
  bgp_community       = var.bgp_community

  # Caller-supplied tags are merged with two generated tracing-tag maps. merge()
  # lets later arguments win, so a tracing tag overrides a caller tag with the
  # same key. When var.tracing_tags_enabled is true, the tags expose the source
  # org, repo, file name and commit to anyone who can read the resource; leave
  # it off if that provenance should not be visible.
  # NOTE(review): the empty /**/ comments look like markers left by the tagging
  # tool, so they are kept in place. Confirm before removing them.
  tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    avm_git_commit           = "2b2f05969200c71b6609f4cdfa9120d48af55537"
    avm_git_file             = "main.tf"
    avm_git_last_modified_at = "2022-11-29 07:03:18"
    avm_git_org              = "Azure"
    avm_git_repo             = "terraform-azurerm-vnet"
    avm_yor_trace            = "e0fffe7a-e1bf-4847-83ce-05620c3c2388"
    } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    avm_yor_name = "vnet"
  } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))

  # The block is emitted only when a plan object is passed. With
  # var.ddos_protection_plan = null the VNet is created without any DDoS
  # protection plan association.
  dynamic "ddos_protection_plan" {
    for_each = var.ddos_protection_plan != null ? [var.ddos_protection_plan] : []

    content {
      enable = ddos_protection_plan.value.enable
      id     = ddos_protection_plan.value.id
    }
  }

  # dns_servers is set through azurerm_virtual_network_dns_servers.this, so this
  # resource ignores the attribute. When var.dns_servers is null that resource
  # is not created, and an out-of-band change to the VNet's DNS servers will not
  # appear as drift in a plan of this configuration.
  lifecycle {
    ignore_changes = [dns_servers]
  }
}

# Custom DNS servers for the VNet; created only when var.dns_servers is set.
resource "azurerm_virtual_network_dns_servers" "this" {
  count = var.dns_servers != null ? 1 : 0

  virtual_network_id = azurerm_virtual_network.vnet.id
  dns_servers        = var.dns_servers
}

# State move for the address change from azurerm_subnet.subnet to
# azurerm_subnet.subnet_count.
moved {
  from = azurerm_subnet.subnet
  to   = azurerm_subnet.subnet_count
}

# Subnets addressed by list position; used when var.use_for_each is false.
# var.subnet_prefixes is indexed in parallel with var.subnet_names.
resource "azurerm_subnet" "subnet_count" {
  count = var.use_for_each ? 0 : length(var.subnet_names)

  address_prefixes     = [var.subnet_prefixes[count.index]]
  name                 = var.subnet_names[count.index]
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.vnet.name

  # The input flag is inverted. "enforce ... = true" yields "Disabled", which
  # means NSG rules and user-defined routes are not applied to private endpoints
  # in this subnet. A missing key or an explicit null yields "Enabled".
  private_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false) != null ? (
    lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false) ? "Disabled" : "Enabled"
  ) : "Enabled"

  # Same inversion for private link service policies: "enforce ... = true"
  # turns them off. A missing key or an explicit null leaves them on.
  private_link_service_network_policies_enabled = lookup(var.subnet_enforce_private_link_service_network_policies, var.subnet_names[count.index], false) != null ? (
    !lookup(var.subnet_enforce_private_link_service_network_policies, var.subnet_names[count.index], false)
  ) : true

  # null for any subnet not listed in var.subnet_service_endpoints.
  service_endpoints = lookup(var.subnet_service_endpoints, var.subnet_names[count.index], null)

  # One delegation block per entry configured for this subnet name.
  # "service_name" is looked up without a default, so an entry that omits it
  # fails at plan time. "service_actions" falls back to an empty list.
  dynamic "delegation" {
    for_each = lookup(var.subnet_delegation, var.subnet_names[count.index], {})

    content {
      name = delegation.key

      service_delegation {
        name    = lookup(delegation.value, "service_name")
        actions = lookup(delegation.value, "service_actions", [])
      }
    }
  }

  # Subnets are created after the DNS server settings have been applied.
  depends_on = [azurerm_virtual_network_dns_servers.this]
}

# Subnets addressed by name; used when var.use_for_each is true. Prefixes come
# from local.subnet_names_prefixes, which is defined outside this listing.
resource "azurerm_subnet" "subnet_for_each" {
  for_each = var.use_for_each ? toset(var.subnet_names) : []

  address_prefixes     = [local.subnet_names_prefixes[each.value]]
  name                 = each.value
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.vnet.name

  # Inverted flag, as in subnet_count: true yields "Disabled", so NSG rules and
  # routes are not applied to private endpoints. Missing or null yields "Enabled".
  private_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, each.value, false) != null ? (
    lookup(var.subnet_enforce_private_link_endpoint_network_policies, each.value, false) ? "Disabled" : "Enabled"
  ) : "Enabled"

  # Inverted flag: true turns private link service policies off.
  private_link_service_network_policies_enabled = lookup(var.subnet_enforce_private_link_service_network_policies, each.value, false) != null ? (
    !lookup(var.subnet_enforce_private_link_service_network_policies, each.value, false)
  ) : true

  # null for any subnet not listed in var.subnet_service_endpoints.
  service_endpoints = lookup(var.subnet_service_endpoints, each.value, null)

  # "service_name" has no default and must be present in every delegation entry.
  dynamic "delegation" {
    for_each = lookup(var.subnet_delegation, each.value, {})

    content {
      name = delegation.key

      service_delegation {
        name    = lookup(delegation.value, "service_name")
        actions = lookup(delegation.value, "service_actions", [])
      }
    }
  }

  # Subnets are created after the DNS server settings have been applied.
  depends_on = [azurerm_virtual_network_dns_servers.this]
}

locals {
  # The subnet objects of whichever addressing mode is active, as one list.
  azurerm_subnets = var.use_for_each ? [for sn in azurerm_subnet.subnet_for_each : sn] : [for sn in azurerm_subnet.subnet_count : sn]

  # Subnet name => subnet ID, used by the association resources below.
  azurerm_subnets_name_id_map = {
    for sn in local.azurerm_subnets : sn.name => sn.id
  }
}

# Attaches an NSG to each subnet named as a key in var.nsg_ids. Subnets without
# an entry get no NSG from this configuration, so check var.nsg_ids against
# var.subnet_names when every subnet is expected to be filtered. A key that
# matches no subnet name fails the map index at plan time.
resource "azurerm_subnet_network_security_group_association" "vnet" {
  for_each = var.nsg_ids

  network_security_group_id = each.value
  subnet_id                 = local.azurerm_subnets_name_id_map[each.key]
}

# Attaches a route table to each subnet named as a key in var.route_tables_ids.
# Subnets without an entry get no route table from this configuration.
resource "azurerm_subnet_route_table_association" "vnet" {
  for_each = var.route_tables_ids

  route_table_id = each.value
  subnet_id      = local.azurerm_subnets_name_id_map[each.key]
}