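import * as gcp from "@pulumi/gcp";
import * as pulumi from "@pulumi/pulumi";

/** Per-tunnel settings describing one peer endpoint and its BGP session. */
export interface TunnelConfiguration {
  /** Public IP address of the peer VPN endpoint. */
  ipAddress: string;
  /**
   * IKE pre-shared key for the tunnel. Typed as optional, but createVpn
   * rejects any entry that omits it.
   */
  sharedSecret?: pulumi.Output<string>;
  /** Cloud Router side of the BGP link; used with a /30 prefix. */
  cloudRouterBgpIpAddress: string;
  /** Peer side of the BGP link. */
  bgpPeerIpAddress: string;
}

/** Values the peer side needs in order to build its half of the VPN. */
export interface VpnOutput {
  googleAsn: number;
  awsAsn: number;
  /** Address of HA VPN gateway interface 0. */
  ipAddress0: pulumi.Output<string>;
  /** Address of HA VPN gateway interface 1. */
  ipAddress1: pulumi.Output<string>;
}

/** A tunnel configuration whose pre-shared key is known to be present. */
type TunnelWithSecret = TunnelConfiguration & {
  sharedSecret: pulumi.Output<string>;
};

/**
 * Checks that every tunnel carries a pre-shared key.
 *
 * Interpolating a missing key into a template string yields the literal
 * text "undefined", which would then be configured as the tunnel's IKE
 * pre-shared key. Failing here keeps a guessable key from being deployed.
 *
 * @throws Error naming the offending index; the key itself is never logged.
 */
function requireSharedSecrets(
  tunnels: readonly TunnelConfiguration[],
): TunnelWithSecret[] {
  return tunnels.map((tunnel, index) => {
    const { sharedSecret } = tunnel;
    if (sharedSecret === undefined) {
      throw new Error(
        `createVpn: tunnelConfigurations[${index}].sharedSecret is required; ` +
          "refusing to create a VPN tunnel without a pre-shared key",
      );
    }
    return { ...tunnel, sharedSecret };
  });
}

/**
 * Creates the GCP side of an HA VPN: a Cloud Router, an HA VPN gateway and,
 * when tunnel configurations are supplied, an external VPN gateway plus one
 * tunnel, router interface and BGP peer per configuration.
 *
 * With no tunnel configurations only the router and the HA gateway are
 * created, and the gateway addresses are still returned.
 *
 * @param gcpProject - Project that owns every resource.
 * @param region - Region for the regional resources.
 * @param prefix - Prefix for Pulumi resource names and GCP resource names.
 * @param network - VPC network the router and gateway attach to.
 * @param googleAsn - ASN assigned to the Cloud Router.
 * @param awsAsn - ASN expected from each BGP peer.
 * @param tunnelConfigurations - One entry per tunnel to the peer.
 * @returns Both ASNs and the two HA VPN gateway interface addresses.
 * @throws Error if a tunnel configuration has no sharedSecret.
 */
export function createVpn(
  gcpProject: string,
  region: string,
  prefix: string,
  network: gcp.compute.Network,
  googleAsn: number,
  awsAsn: number,
  tunnelConfigurations?: TunnelConfiguration[],
): VpnOutput {
  // Validate before registering any resource so a bad configuration does not
  // leave a half-built deployment behind.
  const tunnels = requireSharedSecrets(tunnelConfigurations ?? []);

  const router = new gcp.compute.Router(
    `${prefix}-router`,
    {
      bgp: {
        advertiseMode: "DEFAULT",
        advertisedGroups: [],
        advertisedIpRanges: [],
        asn: googleAsn,
      },
      encryptedInterconnectRouter: false,
      name: prefix,
      network: network.selfLink,
      project: gcpProject,
      region,
    },
    { dependsOn: [network] },
  );

  const vpnGateway = new gcp.compute.HaVpnGateway(
    `${prefix}-ha-vpn-gateway`,
    {
      name: prefix,
      network: network.selfLink,
      project: gcpProject,
      region,
      stackType: "IPV4_IPV6",
    },
    { dependsOn: [network] },
  );

  if (tunnels.length > 0) {
    // NOTE(review): the redundancy type is fixed at four IPs while the
    // interface list follows the length of tunnelConfigurations; presumably
    // callers always pass exactly four entries. Confirm against callers.
    const externalVpnGateway = new gcp.compute.ExternalVpnGateway(
      `${prefix}-external-vpn-gateway`,
      {
        interfaces: tunnels.map((tunnel, index) => ({
          id: index,
          ipAddress: tunnel.ipAddress,
        })),
        name: prefix,
        project: gcpProject,
        redundancyType: "FOUR_IPS_REDUNDANCY",
      },
    );

    tunnels.forEach((tunnel, index) => {
      const vpnTunnel = new gcp.compute.VPNTunnel(
        `${prefix}-vpn-tunnel-${index}`,
        {
          ikeVersion: 2,
          labels: {},
          name: `${prefix}-${index}`,
          peerExternalGateway: externalVpnGateway.selfLink,
          peerExternalGatewayInterface: index,
          project: gcpProject,
          region,
          router: router.selfLink,
          // Mark the key as a secret explicitly so it is encrypted in state
          // and masked in output even if the caller passed a plain Output.
          sharedSecret: pulumi.secret(tunnel.sharedSecret),
          vpnGateway: vpnGateway.selfLink,
          // Tunnels 0 and 1 use HA gateway interface 0; later ones use 1.
          vpnGatewayInterface: index === 0 || index === 1 ? 0 : 1,
        },
        { dependsOn: [externalVpnGateway, router, vpnGateway] },
      );

      const routerInterface = new gcp.compute.RouterInterface(
        `${prefix}-router-interface-${index}`,
        {
          ipRange: `${tunnel.cloudRouterBgpIpAddress}/30`,
          name: `${prefix}-${index}`,
          project: gcpProject,
          region,
          router: router.name,
          vpnTunnel: vpnTunnel.selfLink,
        },
        { dependsOn: [vpnTunnel] },
      );

      new gcp.compute.RouterPeer(
        `${prefix}-router-peer-${index}`,
        {
          advertiseMode: "DEFAULT",
          advertisedGroups: [],
          advertisedIpRanges: [],
          advertisedRoutePriority: 0,
          enable: true,
          interface: routerInterface.name,
          ipAddress: tunnel.cloudRouterBgpIpAddress,
          name: `${prefix}-${index}`,
          peerAsn: awsAsn,
          peerIpAddress: tunnel.bgpPeerIpAddress,
          project: gcpProject,
          region,
          router: router.name,
        },
        { dependsOn: [router, routerInterface] },
      );
    });
  }

  return {
    googleAsn,
    awsAsn,
    ipAddress0: vpnGateway.vpnInterfaces[0].ipAddress,
    ipAddress1: vpnGateway.vpnInterfaces[1].ipAddress,
  };
}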