#!/bin/sh


# Abort the maintainer script on the first unhandled command failure.
# `set -e` does not fire for a non-final command of an `&&`/`||` list or for
# a command used as an `if` condition, so steps whose failure matters still
# need an explicit check.
set -e


#-------------------------------------------------------------------------


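# Apply a permission mode and an owner to an existing file or directory.
#
# Arguments:
#   $1 - mode passed to chmod (e.g. 755)
#   $2 - owner passed to chown (user or user:group)
#   $3 - path to adjust
# Outputs: one progress line on stdout.
# Returns: 0 when the path does not exist (nothing is changed); otherwise
#          the status of chown. Under `set -e` a failing chmod or chown
#          aborts the script.
#
# POSIX sh has no `local`, so mod/own/path are script-wide variables.
# chmod and chown follow symbolic links here, so this should only be called
# on paths whose parent directories are writable by root alone.
check_mod()
{
	mod=$1 ; shift
	own=$1 ; shift
	path=$1

	echo "Checking file or directory $path for mod $mod and owner $own"
	# Two separate tests replace the obsolescent and ambiguous `-o` operator.
	if [ -d "$path" ] || [ -f "$path" ] ; then
		# `--` keeps a path that starts with `-` from being parsed as an option.
		chmod -- "$mod" "$path"
		chown -- "$own" "$path"
	fi
}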

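# Make sure a file or directory exists, then apply mode and owner to it.
#
# Arguments:
#   $1 - kind: -f for a regular file, -d for a directory; any other value
#        skips creation and only adjusts a path that already exists
#   $2 - mode handed to check_mod
#   $3 - owner handed to check_mod
#   $4 - path
# Outputs: progress lines on stdout.
# Returns: the status of check_mod. Under `set -e` a failing mkdir or touch
#          aborts the script.
#
# A new file or directory is created under the process umask and only
# afterwards chmod'ed by check_mod, so it briefly carries the default mode.
# Set a restrictive umask first if the path is going to hold secret material.
check_exist()
{
	what=$1 ; shift
	mod=$1 ; shift
	own=$1 ; shift
	target=$1

	case $what in
		-f)
			echo "Checking if file $target exists"
			if [ ! -f "$target" ] ; then
				# Create the parent only when the path really has one: for a
				# bare file name "${target%/*}" is the name itself, and
				# mkdir would turn the intended file into a directory.
				parent=${target%/*}
				if [ -n "$parent" ] && [ "$parent" != "$target" ] ; then
					# A plain statement (not part of an && list), so a
					# failing mkdir is no longer swallowed under `set -e`.
					mkdir -p -- "$parent"
				fi
				touch -- "$target"
			fi
			;;
		-d)
			echo "Checking if directory $target exists"
			if [ ! -d "$target" ] ; then
				mkdir -p -- "$target"
			fi
			;;
		*)
			;;
	esac
	# Quoted so a path containing whitespace reaches check_mod as one word.
	check_mod "$mod" "$own" "$target"
}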


#-------------------------------------------------------------------------


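# Fetch the Solomon secrets this host needs and store them under SEC_DIR.
#
# Globals:
#   SUDO_USER (read; rewritten and exported when it equals "z2")
#   SEC_SCRIPT, SEC_DIR, SEC_CACHE, ENV, PRIV, YDB_KEY_JSON, FETCHER_PREFIX,
#   PUSH_TVM, AGENT_SEC_ID, PUSHID and the *_FMT templates (written)
# Inputs:  /etc/solomon/env (cloud-prod or cloud-preprod) and the output of
#          hostname, which selects the role-specific secrets.
# Outputs: files written by getsecrets.py; progress lines on stdout.
# Exits:   1 on an unknown environment; any other failing command aborts the
#          script when `set -e` is in effect.
#
# getsecrets.py is not part of this file. From the calls below its flags
# appear to be -i secret id, -f output file, -p mode, -o owner, -k key(s),
# --format output template -- confirm against the script itself.
post_install()
{
	SEC_SCRIPT="/usr/local/bin/getsecrets.py"
	SEC_DIR="/Berkanavt/keys/solomon"
	# Assigned once (the original set it twice) and not referenced again here.
	# NOTE(review): if getsecrets.py uses this path, confirm how the file is
	# created -- /dev/shm is world-writable, so a fixed name there needs
	# exclusive creation with mode 0600 or a root-only directory.
	SEC_CACHE="/dev/shm/secret.cache"

	check_exist -d 755 root:root "$SEC_DIR"
	check_exist -d 755 root:root /etc/nginx/ssl

	# Map the "z2" deployment account onto "robot-skc" and export it.
	# NOTE(review): presumably getsecrets.py takes the caller identity from
	# SUDO_USER; an environment variable is caller-controlled -- verify.
	if [ "$SUDO_USER" = "z2" ] ; then
		export SUDO_USER="robot-skc"
	fi

	AGENT_CLOUD_PRE_SECRET_FILE="$SEC_DIR/agent_cloud_prestable.secret"

	# Doubled braces are literal braces in the --format template.
	MDS_FMT='{{
    "AccessKeyId": "{value[0]}",
    "AccessSecretKey": "{value[1]}"
}}'
	# NOTE(review): Type CLOUD_PREPROD and the "prestable" secret file name
	# are used for cloud-prod as well -- confirm that is intended.
	AGENT_REGISTRATION_FMT="Registration {{
    Project: \"solomon\"
    Cluster: \"{value[0]}\"
    Endpoints: {{
        Type: CLOUD_PREPROD
        OAuthConfig: {{
            SecretFile: \"${AGENT_CLOUD_PRE_SECRET_FILE}\"
        }}
    }}
}}"

	# ENV is also the name POSIX reserves for the interactive-shell startup
	# file; harmless in this non-interactive script, kept for compatibility.
	ENV=$(cat /etc/solomon/env)
	case $ENV in
		cloud-prod)
			PRIV="prod.priv"
			YDB_KEY_JSON="prod.json"
			FETCHER_PREFIX=""
			PUSH_TVM="tvm-production"
			AGENT_SEC_ID="sec-01dzv2nmbna85mm2ej0e340rwt"
			;;
		cloud-preprod)
			PRIV="preprod.priv"
			YDB_KEY_JSON="preprod.json"
			FETCHER_PREFIX="preprod."
			PUSH_TVM="tvm-prestable"
			AGENT_SEC_ID="sec-01dzv2hxmpqtbvyf43wcryz0da"
			;;
		*)
			# Diagnostics belong on stderr, like the dispatcher's own message.
			echo "Unknown environment: $ENV" >&2
			exit 1
			;;
	esac

	# The two agent calls differ per environment only in the secret id, so
	# they are issued once here, in the original order.
	# NOTE(review): both write "$SEC_DIR/agent.registration". Unless
	# getsecrets.py appends, the OAuthToken call replaces the Registration
	# block, and AGENT_CLOUD_PRE_SECRET_FILE (named as SecretFile above) is
	# never written by this script. Confirm whether the token was meant to
	# go to "$AGENT_CLOUD_PRE_SECRET_FILE".
	"$SEC_SCRIPT" -i "$AGENT_SEC_ID" -f "$SEC_DIR/agent.registration" -p 400 -o user_agent:group_solomon -k Cluster --format "$AGENT_REGISTRATION_FMT"
	"$SEC_SCRIPT" -i "$AGENT_SEC_ID" -f "$SEC_DIR/agent.registration" -p 400 -o user_agent:group_solomon -k OAuthToken --format "{value}"

	"$SEC_SCRIPT" -i sec-01dk6xqsw706fav703xw79xr43 -f "$SEC_DIR/mds.secret" -p 400 -o user_backup -k AccessKeyId,AccessSecretKey --format "$MDS_FMT"
	"$SEC_SCRIPT" -i sec-01epqgtjrbvrj63741d37ny54e -f "$SEC_DIR/ydb_global_iam.pem" -p 440 -o user_gateway:group_solomon -k "$PRIV" --format "{value}"
	"$SEC_SCRIPT" -i sec-01epqgtjrbvrj63741d37ny54e -f "$SEC_DIR/ydb_global_iam.json" -p 440 -o user_gateway:group_solomon -k "$YDB_KEY_JSON" --format "{value}"

	# The host role is a substring match on the hostname; the first match wins.
	if hostname | grep -q gateway ; then
		PUSHID="statbox"
		# NOTE(review): when the statbox account is missing the secret is
		# handed to numeric uid 10000, i.e. to whichever account holds or
		# later receives that uid -- confirm this fallback is intended.
		if ! id "$PUSHID" > /dev/null 2>&1 ; then
			PUSHID=10000
		fi
		"$SEC_SCRIPT" -i sec-01d5rwaab3177cvtzy0d8z9x53 -f "$SEC_DIR/iam.pem" -p 440 -o user_gateway:group_solomon -k "$PRIV" --format "{value}"
		"$SEC_SCRIPT" -i sec-01ddjr1pgkrp7jr2vrbgqvm4hp -f "$SEC_DIR/push_tvm.secret" -p 400 -o "$PUSHID" -k "$PUSH_TVM" --format "{value}"
	elif hostname | grep -q core ; then
		"$SEC_SCRIPT" -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/iam.pem" -p 440 -o user_coremon:group_solomon -k "${FETCHER_PREFIX}private.key" --format "{value}"
		"$SEC_SCRIPT" -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_private.key" -o user_fetcher:group_solomon -p 400 -k "${FETCHER_PREFIX}private.key" --format "{value}"
		"$SEC_SCRIPT" -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_public.key" -o user_fetcher:group_solomon -p 400 -k "${FETCHER_PREFIX}public.key" --format "{value}"
	elif hostname | grep -q alerting ; then
		"$SEC_SCRIPT" -i sec-01d5rwaab3177cvtzy0d8z9x53 -f "$SEC_DIR/iam.pem" -p 440 -o user_gateway:group_solomon -k "$PRIV" --format "{value}"
	fi
}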


#-------------------------------------------------------------------------


# Maintainer-script entry point: dispatch on the action given as $1.
case "$1" in
	abort-upgrade|abort-remove|abort-deconfigure)
		# The abort actions need no work from this script.
	;;

	configure)
		# Configuration is the only action that provisions secrets.
		post_install
	;;

	*)
		# Reject anything else loudly so a new action is not silently ignored.
		echo "postinst was called with unknown argument '$1'" >&2
		exit 1
	;;
esac

# The marker below must stay on a line of its own; debhelper substitutes its
# generated snippets for it at build time.
#DEBHELPER#

exit 0
