#!/bin/sh -e

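# Package configuration step for the jaeger tracing services.
# Acts only when the first argument is "configure": fetches the YDB OAuth
# token and the TLS certificate/key with getsecrets.py, writes the token into
# the environment file, then enables and restarts the services.
# Any other argument is a no-op.

# Repeat the shebang's -e here: the shebang option is lost when the script is
# started as "sh <script>".
set -e

ROOT_DIR="/Berkanavt/jaeger"
ENV_FILE="$ROOT_DIR/etc/jaeger.environment"

T_USER="user_tracing"
T_GROUP="group_tracing"

SEC_OAUTH="/Berkanavt/keys/tracing/ydb.oauth"
SEC_SCRIPT="/usr/local/bin/getsecrets.py"
SEC_PATH="/Berkanavt/jaeger/etc"

# Set in the "configure" branch; both are empty until then.
SEC_CACHE_DIR=""
SEC_CACHE=""

# Run getsecrets.py against the per-run cache file.
# Arguments: passed through unchanged (-i, -f, -o, -p, -k, --format ...).
fetch_secret() {
	"$SEC_SCRIPT" -c "$SEC_CACHE" "$@"
}

# Replace the first OAUTH-YDB-TOKEN placeholder on each line of $2 with the
# first line of $1.
# The token is read by awk from the file, so it never appears on a command
# line (visible in the process list), and it is inserted literally, so a
# token containing "/" or "&" cannot break or alter the substitution.
# Arguments: $1 - file holding the token, $2 - file to edit in place
# Returns:   0 on success; 1 if the token is missing/empty or the edit fails,
#            in which case $2 is left unchanged.
substitute_token() {
	token_file=$1
	target=$2

	if [ ! -s "$token_file" ]; then
		echo "Token file $token_file is missing or empty; $target left unchanged" >&2
		return 1
	fi

	# mktemp creates the scratch copy with owner-only permissions.
	scratch=$(mktemp "${target}.XXXXXX") || return 1

	if awk '
		BEGIN { mark = "OAUTH-YDB-TOKEN" }
		NR == FNR {
			if (FNR == 1) {
				token = $0
				if (token == "") exit 2
			}
			next
		}
		{
			at = index($0, mark)
			if (at > 0)
				$0 = substr($0, 1, at - 1) token substr($0, at + length(mark))
			print
		}
	' "$token_file" "$target" > "$scratch" && cat "$scratch" > "$target"; then
		# Writing through the existing file keeps its owner and mode.
		rm -f -- "$scratch"
		return 0
	fi

	rm -f -- "$scratch"
	return 1
}

case "${1:-}" in
	configure)
		/bin/chmod 440 "$ENV_FILE"

		if [ "${SUDO_USER:-}" = "z2" ] ; then
			export SUDO_USER="robot-skc"
		fi

		# Keep the secrets cache in a directory only this process can enter.
		# A fixed file name directly under the world-writable /dev/shm could be
		# pre-created by another local user between the rm and the first fetch.
		SEC_CACHE_DIR=$(mktemp -d /dev/shm/jaeger-secrets.XXXXXX)
		SEC_CACHE="$SEC_CACHE_DIR/secret.cache"
		# With -e a failed fetch exits immediately; the trap makes sure the
		# cached secrets are removed on that path as well.
		trap 'rm -rf -- "${SEC_CACHE_DIR:?}"' EXIT

		fetch_secret -i sec-01dmjfzn46m7wfs725tdmwz12w -f "$SEC_OAUTH" -o "$T_USER:$T_GROUP" -p 400 -k oauth_ydb --format "{value}"
		SSL_SECRET="sec-01fnbkregxh9pzvcghx4k0myky"
		SSL_KEY_ID="7F0019ACE778DA66F3D61DFD7200020019ACE7"
		fetch_secret -i "$SSL_SECRET" -f "${SEC_PATH}/jaeger_cert.pem" -o "$T_USER:$T_GROUP" -p 400 -k "${SSL_KEY_ID}_certificate" --format "{value}"
		fetch_secret -i "$SSL_SECRET" -f "${SEC_PATH}/jaeger_key.pem" -o "$T_USER:$T_GROUP" -p 400 -k "${SSL_KEY_ID}_private_key" --format "{value}"

		rm -rvf -- "${SEC_CACHE_DIR:?}"
		trap - EXIT

		# Best effort, like the service steps below: on failure the placeholder
		# stays in place instead of being overwritten with an empty token.
		if ! substitute_token "$SEC_OAUTH" "$ENV_FILE" ; then
			echo "Cannot write YDB token into ${ENV_FILE}!"
		fi

		/bin/systemctl daemon-reload
		for APP in jaeger-collector ydb-watcher yandex-solomon-agent ; do
			if ! /bin/systemctl enable "${APP}" ; then
				echo "Cannot enable ${APP} service!"
			fi
			if ! /bin/systemctl restart "${APP}" ; then
				echo "Cannot restart ${APP} service!"
			fi
		done
	;;
	*)
		;;
esac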
