#!/bin/bash

# Generates s3cmd config from rook.io CephObjectStoreUser secrets fetched from
# Kubernetes apiserver. Accepts extra K8S_INTERNAL=1 environment variable flag
# that generates config that connects to internal rgw service.
#
# Usage:
#   bazel run //cluster/tools:rook-s3cmd-config > config
#   s3cmd -c config --region "STORENAME:default-placement" mb s3://test/

set -euo pipefail

# Copy-pasted from Bazel's Bash runfiles library (tools/bash/runfiles/runfiles.bash).
if [[ ! -d "${RUNFILES_DIR:-/dev/null}" && ! -f "${RUNFILES_MANIFEST_FILE:-/dev/null}" ]]; then
  if [[ -f "$0.runfiles_manifest" ]]; then
    export RUNFILES_MANIFEST_FILE="$0.runfiles_manifest"
  elif [[ -f "$0.runfiles/MANIFEST" ]]; then
    export RUNFILES_MANIFEST_FILE="$0.runfiles/MANIFEST"
  elif [[ -f "$0.runfiles/bazel_tools/tools/bash/runfiles/runfiles.bash" ]]; then
    export RUNFILES_DIR="$0.runfiles"
  fi
fi
if [[ -f "${RUNFILES_DIR:-/dev/null}/bazel_tools/tools/bash/runfiles/runfiles.bash" ]]; then
  source "${RUNFILES_DIR}/bazel_tools/tools/bash/runfiles/runfiles.bash"
elif [[ -f "${RUNFILES_MANIFEST_FILE:-/dev/null}" ]]; then
  source "$(grep -m1 "^bazel_tools/tools/bash/runfiles/runfiles.bash " "$RUNFILES_MANIFEST_FILE" | cut -d ' ' -f 2-)"
else
  echo >&2 "ERROR: cannot find @bazel_tools//tools/bash/runfiles:runfiles.bash"
  exit 1
fi
# endpaste

kubectl=$(rlocation "hscloud/cluster/tools/kubectl")
if [ -z "$kubectl" ]; then
    echo "Could not find kubectl in runfiles" >&2
    exit 1
fi

jq=$(rlocation "com_github_stedolan_jq/jq")
if [ -z "$jq" ]; then
    echo "Could not find jq in runfiles" >&2
    exit 1
fi

username="${1}"
storename="${2:-waw-hdd-redundant-3-object}"
clustername="${3:-ceph-waw3}"

if [ -z "$username" ]; then
    echo "Usage: $0 <username>" >&2
    exit 1
fi


secret="$($kubectl get secrets rook-ceph-object-user-$storename-$username -n $clustername -o json)"
accesskey="$(echo "$secret" | $jq -r '.data.AccessKey' | base64 -d)"
secretkey="$(echo "$secret" | $jq -r '.data.SecretKey' | base64 -d)"

if [[ ! -z "${K8S_INTERNAL:-}" ]]; then
    domain="rook-ceph-rgw-$storename.$clustername.svc.cluster.local"
else
    domain="object.$clustername.hswaw.net"
fi

cat <<EOF
[default]
access_key = $accesskey
secret_key = $secretkey
host_base = $domain
host_bucket = $domain
EOF

if [[ ! -z "${K8S_INTERNAL:-}" ]]; then
    echo "use_https = False"
fi