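// One security group per entry of var.security-groups. Each entry supplies
// `name` and `description` here and `rules` (consumed by local.rules below).
resource "aws_security_group" "sg" {
  count       = length(var.security-groups)
  name        = var.security-groups[count.index].name
  description = var.security-groups[count.index].description
  vpc_id      = var.vpcid

  tags = {
    Name = var.security-groups[count.index].name
  }
}

// Flatten the nested "groups -> rules" structure into one flat list so that
// every rule can become its own aws_security_group_rule instance.
// see https://www.terraform.io/docs/configuration/functions/flatten.html
locals {
  rules = flatten([
    for sg_key, sg in var.security-groups : [
      for rule_key, rule in sg.rules : {
        sg_key   = sg_key
        rule_key = rule_key
        sg_name  = sg.name

        // Each rule is positional:
        // [protocol, cidr, from_port, to_port, type, description]
        protocol    = rule[0]
        cidr_blocks = rule[1]
        from_port   = rule[2]
        to_port     = rule[3]
        type        = rule[4]
        description = rule[5]
      }
    ]
  ])
}

// One rule resource per flattened entry, keyed "<group key>.<rule key>" so the
// resource addresses stay stable as long as the input ordering does.
resource "aws_security_group_rule" "rules" {
  for_each = {
    for rule in local.rules : "${rule.sg_key}.${rule.rule_key}" => rule
  }

  // The owning group is resolved by name; this relies on every entry of
  // var.security-groups having a distinct name, otherwise the first match wins.
  security_group_id = matchkeys(
    aws_security_group.sg[*].id,
    aws_security_group.sg[*].name,
    [each.value.sg_name]
  )[0]

  protocol = each.value.protocol

  // Exactly one CIDR per rule. An ingress rule with 0.0.0.0/0 opens the port
  // range to the whole internet, so callers' inputs deserve review.
  cidr_blocks = [each.value.cidr_blocks]

  from_port   = each.value.from_port
  to_port     = each.value.to_port
  type        = each.value.type
  description = each.value.description
}

// List of { id, name } pairs, ordered by id (iteration over a map follows key
// order). The ids and names are zipped in their original, index-aligned order:
// sorting the two lists independently, as was done before, pairs the smallest
// id with the alphabetically first name and can report the wrong id for a
// group, which a consumer would then attach to the wrong resources.
// An object constructor replaces map(), which newer Terraform releases removed.
output "sg-id-name" {
  value = [
    for id, name in zipmap(
      aws_security_group.sg[*].id,
      aws_security_group.sg[*].name
    ) : { id = id, name = name }
  ]
}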