#!/usr/bin/env bash

set -Eeuo pipefail

# Variables for cloud "yc.wall-e.cloud" folder "yc.wall-e.main-folder" in production YC.
PROD_YC_STAGE="prod"
PROD_CLOUD_API_ENDPOINT="api.cloud.yandex.net:443"
PROD_CLOUD_ID="yc.wall-e.cloud"
PROD_FOLDER_ID="yc.wall-e.main-folder"
PROD_WALLE_MAIN_SA_ID="yc.wall-e.main-sa"
PROD_YC_SA_PROFILE_NAME="prod-yc.wall-e.main-sa"
PROD_YC_USER_PROFILE_NAME="prod-fed-user"

# Variables for cloud "yc.wall-e.cloud" folder "yc.wall-e.main-folder" in prestable YC.
PREPROD_YC_STAGE="preprod"
PREPROD_CLOUD_API_ENDPOINT="api.cloud-preprod.yandex.net:443"
PREPROD_CLOUD_ID="yc.wall-e.cloud"
PREPROD_FOLDER_ID="yc.wall-e.main-folder"
PREPROD_WALLE_MAIN_SA_ID="yc.wall-e.main-sa"
PREPROD_YC_SA_PROFILE_NAME="preprod-yc.wall-e.main-sa"
PREPROD_YC_USER_PROFILE_NAME="preprod-fed-user"

# Variables for cloud "yc.wall-e.cloud-testing" folder "yc.wall-e.main-testing-folder" in prestable YC.
TESTING_YC_STAGE="testing"
TESTING_CLOUD_API_ENDPOINT="api.cloud-preprod.yandex.net:443"
TESTING_CLOUD_ID="yc.wall-e.cloud-testing"
TESTING_FOLDER_ID="yc.wall-e.main-testing-folder"
TESTING_WALLE_MAIN_SA_ID="yc.wall-e.main-sa-testing"
TESTING_YC_SA_PROFILE_NAME="preprod-yc.wall-e.main-sa-testing"
TESTING_YC_USER_PROFILE_NAME="preprod-fed-user"


# Manage CLI arguments.
USAGE="Usage: $(basename "$0") -s [${PROD_YC_STAGE} | ${PREPROD_YC_STAGE} | ${TESTING_YC_STAGE}]"

while getopts ":s:" opt; do
  case "$opt" in
    s) YC_STAGE=${OPTARG} ;;
    \?) echo "Invalid option -$OPTARG" >&2
    ;;
  esac
done

if [ "${YC_STAGE:-not-specified}" = "not-specified" ];
then
    echo "${USAGE}"
    exit 1
fi


# Set variables according to provided stage name.
if [ "${YC_STAGE}" = "${PROD_YC_STAGE}" ];
then
    YC_STAGE="${PROD_YC_STAGE}"
    CLOUD_API_ENDPOINT="${PROD_CLOUD_API_ENDPOINT}"
    CLOUD_ID="${PROD_CLOUD_ID}"
    FOLDER_ID="${PROD_FOLDER_ID}"
    WALLE_MAIN_SA_ID="${PROD_WALLE_MAIN_SA_ID}"
    YC_SA_PROFILE_NAME="${PROD_YC_SA_PROFILE_NAME}"
    YC_USER_PROFILE_NAME="${PROD_YC_USER_PROFILE_NAME}"
elif [ "${YC_STAGE}" = "${PREPROD_YC_STAGE}" ];
then
    YC_STAGE="${PREPROD_YC_STAGE}"
    CLOUD_API_ENDPOINT="${PREPROD_CLOUD_API_ENDPOINT}"
    CLOUD_ID="${PREPROD_CLOUD_ID}"
    FOLDER_ID="${PREPROD_FOLDER_ID}"
    WALLE_MAIN_SA_ID="${PREPROD_WALLE_MAIN_SA_ID}"
    YC_SA_PROFILE_NAME="${PREPROD_YC_SA_PROFILE_NAME}"
    YC_USER_PROFILE_NAME="${PREPROD_YC_USER_PROFILE_NAME}"
elif [ "${YC_STAGE}" = "${TESTING_YC_STAGE}" ];
then
    YC_STAGE="${TESTING_YC_STAGE}"
    CLOUD_API_ENDPOINT="${TESTING_CLOUD_API_ENDPOINT}"
    CLOUD_ID="${TESTING_CLOUD_ID}"
    FOLDER_ID="${TESTING_FOLDER_ID}"
    WALLE_MAIN_SA_ID="${TESTING_WALLE_MAIN_SA_ID}"
    YC_SA_PROFILE_NAME="${TESTING_YC_SA_PROFILE_NAME}"
    YC_USER_PROFILE_NAME="${TESTING_YC_USER_PROFILE_NAME}"
else
    echo "ERROR: Unknown YC Stage \"${YC_STAGE}\"."
    echo "${USAGE}"
    exit 1
fi


# Common variables.
IAM_KEY_FILE_PATH="${HOME}/${YC_STAGE}_${WALLE_MAIN_SA_ID}_key.json"
IAM_KEY_DESCRIPTION="${USER}'s '${YC_SA_PROFILE_NAME}' yc/ycp profile key"


# Check if yc profile for service account already exists.
if yc config profile get "${YC_SA_PROFILE_NAME}" > /dev/null 2>&1;
then
    echo "* yc profile \"${YC_SA_PROFILE_NAME}\" already exists."
    exit 1
fi

# Switch to yc profile for user account.
if ! yc config profile activate "${YC_USER_PROFILE_NAME}" > /dev/null 2>&1;
then
    echo "* Can not switch to \"${YC_USER_PROFILE_NAME}\" yc profile."
    exit 1
fi

# Create IAM key for service account.
echo "* Creating IAM key for service account \"${WALLE_MAIN_SA_ID}\"..."
yc iam key create \
    --service-account-id "${WALLE_MAIN_SA_ID}" \
    --output "${IAM_KEY_FILE_PATH}" \
    --cloud-id "${CLOUD_ID}" \
    --folder-id "${FOLDER_ID}" \
    --description "${IAM_KEY_DESCRIPTION}" || \
    {
        echo "* Error creating IAM key for service account."
        exit 1
    }
echo "* Done."

# Create yc profile for service account.
echo "* Creating yc profile \"${YC_SA_PROFILE_NAME}\" for service account \"${WALLE_MAIN_SA_ID}\"..."
yc config profile create "${YC_SA_PROFILE_NAME}" || \
    {
        echo "* Error creating yc profile \"${YC_SA_PROFILE_NAME}\"."
        exit 1
    }
echo "* Done."


# Configure yc profile for service account.
echo "* Configuring yc profile \"${YC_SA_PROFILE_NAME}\"..."
yc config set endpoint "${CLOUD_API_ENDPOINT}" --profile "${YC_SA_PROFILE_NAME}"
yc config set folder-id "${FOLDER_ID}" --profile "${YC_SA_PROFILE_NAME}"
yc config set cloud-id "${CLOUD_ID}" --profile "${YC_SA_PROFILE_NAME}"
yc config set service-account-key "${IAM_KEY_FILE_PATH}" --profile "${YC_SA_PROFILE_NAME}"
echo "* Done."
echo

echo "* Your key is in file '${IAM_KEY_FILE_PATH}'. \
   In order to set up 'ycp' profile, 'cut' the key, copy it, and paste it in YCP config file ~/.config/ycp/config.yaml . \
   Example of YCP config file: ycp_config_example.yaml"
