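# Mirrors Cloudflare's published IPv4/IPv6 ranges into FortiOS firewall
# address objects and collects them into one address group per IP family.

terraform {
  required_version = ">= 1.0"

  # "~>" accepts newer provider releases within the constraint. Commit
  # .terraform.lock.hcl so the provider builds actually used are pinned by
  # checksum.
  required_providers {
    fortios = {
      source  = "fortinetdev/fortios"
      version = "~> 1.7"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.0"
    }
  }
}

provider "fortios" {
  # Keep TLS certificate verification on. This session carries the FortiOS
  # API token and can rewrite firewall configuration, so an unverified
  # connection (insecure = true) would expose both to anyone able to
  # intercept the management traffic. If the device presents a certificate
  # from a private CA, trust that CA explicitly instead of disabling
  # verification, e.g. via `cabundlefile` or the FORTIOS_CA_CABUNDLE
  # environment variable.
  insecure = false
  # cabundlefile = "/path/to/fortigate-ca.pem" # placeholder path

  # hostname and token are not set here, so the provider takes them from
  # FORTIOS_ACCESS_HOSTNAME / FORTIOS_ACCESS_TOKEN. This keeps the API token
  # out of version control.
}

# The range list is fetched when Terraform refreshes or plans, and it directly
# determines the firewall objects below. Review the plan diff before applying.
data "cloudflare_ip_ranges" "cloudflare_address_list" {}

# One address object per published IPv4 CIDR.
# NOTE(review): objects are keyed by list position (count.index). If the
# upstream list changes order or length, existing objects are rewritten with
# different subnets rather than added or removed one by one.
resource "fortios_firewall_address" "cloudflare_ipv4_block" {
  count  = length(data.cloudflare_ip_ranges.cloudflare_address_list.ipv4_cidr_blocks)
  name   = "CloudFlare IPv4 ${count.index}"
  type   = "ipmask"
  subnet = data.cloudflare_ip_ranges.cloudflare_address_list.ipv4_cidr_blocks[count.index]
}

# One address object per published IPv6 prefix. The positional-keying note on
# the IPv4 resource applies here too.
resource "fortios_firewall_address6" "cloudflare_ipv6_block" {
  count = length(data.cloudflare_ip_ranges.cloudflare_address_list.ipv6_cidr_blocks)
  name  = "CloudFlare IPv6 ${count.index}"
  type  = "ipprefix"
  ip6   = data.cloudflare_ip_ranges.cloudflare_address_list.ipv6_cidr_blocks[count.index]
}

# Group containing every IPv4 address object created above.
# NOTE(review): presumably referenced by firewall policies defined elsewhere.
# If so, any change to group membership changes what those policies match.
resource "fortios_firewall_addrgrp" "cloudflare_ipv4_group" {
  name = "CloudFlare IPv4 Group"

  dynamic "member" {
    for_each = fortios_firewall_address.cloudflare_ipv4_block[*].name
    content {
      name = member.value
    }
  }

  # The for_each reference above already orders this after the address
  # objects. The explicit depends_on is redundant but harmless.
  depends_on = [
    fortios_firewall_address.cloudflare_ipv4_block
  ]
}

# Group containing every IPv6 address object created above.
resource "fortios_firewall_addrgrp6" "cloudflare_ipv6_group" {
  name = "CloudFlare IPv6 Group"

  dynamic "member" {
    for_each = fortios_firewall_address6.cloudflare_ipv6_block[*].name
    content {
      name = member.value
    }
  }

  # Redundant with the for_each reference above, as on the IPv4 group.
  depends_on = [
    fortios_firewall_address6.cloudflare_ipv6_block
  ]
}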