#!/bin/sh


# Stop at the first command that fails outside a condition or an && / || list.
set -o errexit


#-------------------------------------------------------------------------


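# Apply a mode and an owner to every existing path that is passed in.
# Arguments: $1   - mode handed to chmod
#            $2   - owner spec handed to chown (user or user:group)
#            $3.. - files or directories to adjust
# Paths that are neither a regular file nor a directory are skipped without
# an error. Each path is tested on its own, so several paths and paths that
# contain whitespace are handled correctly.
# NOTE(review): chmod and chown act on the target of a symlink, so only pass
# paths whose parent directories cannot be written by unprivileged users.
check_mod()
{
    local _mod _own _path

    _mod=$1 ; shift
    _own=$1 ; shift

    echo "Checking file or directory $* for mod $_mod and owner $_own"
    for _path in "$@" ; do
        # Two separate tests instead of the obsolescent and ambiguous -o.
        if [ -d "$_path" ] || [ -f "$_path" ] ; then
            chmod "$_mod" "$_path"
            chown "$_own" "$_path"
        fi
    done
}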

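# Make sure a file or directory exists, then hand it to check_mod.
# Arguments: $1   - -f to ensure a regular file, -d to ensure a directory;
#                   any other value skips creation and only runs check_mod
#            $2   - mode passed on to check_mod
#            $3   - owner spec passed on to check_mod
#            $4.. - path(s) to ensure
# A failing mkdir or touch is no longer swallowed by an && list: under
# `set -e` it aborts the script instead of continuing without the path.
# NOTE(review): a file created by the -f branch gets the umask default mode
# until check_mod tightens it; keep that window in mind before using -f for
# secret material.
check_exist()
{
    local _what _mod _own _path

    _what=$1 ; shift
    _mod=$1 ; shift
    _own=$1 ; shift

    for _path in "$@" ; do
        case $_what in
            -f)
                echo "Checking if file $_path exists"
                if [ ! -f "$_path" ] ; then
                    # dirname yields "." for a bare file name, where
                    # ${path%/*} would have returned the file name itself.
                    mkdir -p "$(dirname "$_path")"
                    touch "$_path"
                fi
                ;;
            -d)
                echo "Checking if directory $_path exists"
                if [ ! -d "$_path" ] ; then
                    mkdir -p "$_path"
                fi
                ;;
            *)
                ;;
        esac
    done
    check_mod "$_mod" "$_own" "$@"
}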

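# Report whether this host is listed in the given group by the hosts2groups
# API.
# Arguments: $1 - group name, compared against whole response lines
# Returns:   0 if the group is listed for this host, 1 otherwise. A failed
#            lookup also returns 1, after a warning on stderr, so callers
#            that gate secret delivery on the result leave a trace when the
#            API was unreachable.
# NOTE(review): no timeout is set on the request, so a stalled API call
# blocks package configuration.
check_conductor_group()
{
    local _group=$1 _hostname _groups

    _hostname=$(/bin/hostname)
    # One request only; -f makes curl fail on an HTTP error instead of
    # passing an error page on to grep.
    if ! _groups=$(/usr/bin/curl -sf "https://c.yandex-team.ru/api/hosts2groups/$_hostname") ; then
        echo "WARNING: cannot fetch groups for $_hostname; treating host as not in $_group" >&2
        return 1
    fi
    # -x -F: exact whole-line match, the group name is never read as a regex.
    if printf '%s\n' "$_groups" | grep -qxF -- "$_group" ; then
        return 0
    else
        return 1
    fi
}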


#-------------------------------------------------------------------------


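# Fetch the secrets this host needs, chosen by the environment name stored
# in /etc/solomon/env (production, prestable or testing) and, for some
# secrets, by group membership or hostname.
# Globals:  SEC_CACHE, SEC_SCRIPT, SEC_DIR, HWWATCHER_FMT, MDS_FMT, ENV
#           (written); SUDO_USER (read, re-exported as robot-skc when it is z2)
# Exits with status 1 on an unknown environment.
# getsecrets.py options as used here (meaning inferred from usage, confirm
# against the tool): -i secret id, -f destination file, -o owner, -p mode,
# -k key(s) inside the secret, --format output template, -c cache file.
post_install()
{
    # NOTE(review): fixed file name in /dev/shm, which is normally
    # world-writable. Whether a file or symlink pre-created there by another
    # local user is honoured depends on how getsecrets.py opens the cache,
    # which is not visible here. Consider a root-only directory made with
    # mktemp -d.
    SEC_CACHE="/dev/shm/secret.cache"
    # Expanded unquoted on purpose: the value is a command plus its arguments.
    SEC_SCRIPT="/usr/local/bin/getsecrets.py -c $SEC_CACHE"
    SEC_DIR="/Berkanavt/keys/solomon"

    check_exist -d 755 root:root "$SEC_DIR"
    check_exist -d 755 root:root /etc/nginx/ssl

    HWWATCHER_FMT='[bot]
{key} = {value}'

    MDS_FMT='{{
    "AccessKeyId": "{value[0]}",
    "AccessSecretKey": "{value[1]}"
}}'

    if [ "$SUDO_USER" = "z2" ] ; then
        export SUDO_USER="robot-skc"
    fi

    rm -vf "$SEC_CACHE"
    # Remove the cache on every exit path: with `set -e` a failing fetch (or
    # the unknown-environment exit below) would otherwise leave it behind.
    trap 'rm -f "$SEC_CACHE"' EXIT

    ENV="$(cat /etc/solomon/env)"
    case $ENV in
        production)
            $SEC_SCRIPT -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_private.key" -o user_fetcher:group_solomon -p 400 -k private.key --format "{value}" # SOLOMON-4052
            $SEC_SCRIPT -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_public.key" -o user_fetcher:group_solomon -p 400 -k public.key --format "{value}" # SOLOMON-4052

            # NOTE(review): the private key below is written with 440, so it
            # is group-readable, unlike the 400 used for the other keys;
            # confirm this is intended.
            $SEC_SCRIPT -i sec-01g7m68v1rxcqdf036pwc03qe1 -f "$SEC_DIR/mon_internal_cert.pem" -o user_fetcher:group_solomon -p 440 -k 7F001DBBBC5D5E24B6572230DB0002001DBBBC_certificate --format "{value}" # SOLOMON-8807
            $SEC_SCRIPT -i sec-01g7m68v1rxcqdf036pwc03qe1 -f "$SEC_DIR/mon_internal_key.pem" -o user_fetcher:group_solomon -p 440 -k 7F001DBBBC5D5E24B6572230DB0002001DBBBC_private_key --format "{value}" # SOLOMON-8807

            $SEC_SCRIPT -i sec-01dk6xqsw706fav703xw79xr43 -f "$SEC_DIR/mds.secret" -p 400 -o user_backup -k AccessKeyId,AccessSecretKey --format "$MDS_FMT"
            $SEC_SCRIPT -i sec-01e64dej5as3zqkfwacqe6t13p -f "$SEC_DIR/yt.secret" -p 400 -o user_backup -k YTToken --format "{value}"

            # True when the hostname does not contain "cloud".
            if /bin/hostname | grep -qv cloud ; then
                # NOTE(review): no -p here, so the file mode is whatever
                # getsecrets.py defaults to; confirm the token file does not
                # end up world-readable.
                $SEC_SCRIPT -i sec-01cv07hhpjw4b4tk35a21tpvcm -f /etc/hw_watcher/conf.d/token.conf -o hw-watcher:hw-watcher --format "$HWWATCHER_FMT"
            fi
            # Called directly: the function reports through its exit status,
            # so no command substitution is needed.
            if check_conductor_group solomon_prod_gateway ; then
                #SSL_SECRET="sec-01ekd6kp35bwmksb9hfhptg0px"
                #SSL_KEY_ID="4C7F1E2C14325138208C81B4D4D112A0"
                #$SEC_SCRIPT -i $SSL_SECRET -f /etc/nginx/ssl/solomon_cert.pem -p 400 -k ${SSL_KEY_ID}_certificate --format "{value}"
                #$SEC_SCRIPT -i $SSL_SECRET -f /etc/nginx/ssl/solomon_key.pem -p 400 -k ${SSL_KEY_ID}_private_key --format "{value}"

                $SEC_SCRIPT -i sec-01esv0tgpe035ykep9sfxsvyac -f "$SEC_DIR/logbroker_secret" -p 400 -k client_secret --format "{value}"
            fi
            ;;
        prestable)
            if check_conductor_group solomon_pre_front ; then
                #SSL_SECRET="sec-01enqrzxxhrak5608t2bn2by8k"
                #SSL_KEY_ID="7F0010E67CADBF35A1AF37E25A00020010E67C"
                #$SEC_SCRIPT -i $SSL_SECRET -f /etc/nginx/ssl/solomon-test_cert.pem -p 400 -k ${SSL_KEY_ID}_certificate --format "{value}"
                #$SEC_SCRIPT -i $SSL_SECRET -f /etc/nginx/ssl/solomon-test_key.pem -p 400 -k ${SSL_KEY_ID}_private_key --format "{value}"

                $SEC_SCRIPT -i sec-01esv0tgpe035ykep9sfxsvyac -f "$SEC_DIR/logbroker_secret" -p 400 -k client_secret --format "{value}"
            fi
            $SEC_SCRIPT -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_private.key" -o user_fetcher:group_solomon -p 400 -k preprod.private.key --format "{value}" # SOLOMON-4052
            $SEC_SCRIPT -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_public.key" -o user_fetcher:group_solomon -p 400 -k preprod.public.key --format "{value}" # SOLOMON-4052

            $SEC_SCRIPT -i sec-01g7m68v1rxcqdf036pwc03qe1 -f "$SEC_DIR/mon_internal_cert.pem" -o user_fetcher:group_solomon -p 440 -k 7F001DBBBC5D5E24B6572230DB0002001DBBBC_certificate --format "{value}" # SOLOMON-8807
            $SEC_SCRIPT -i sec-01g7m68v1rxcqdf036pwc03qe1 -f "$SEC_DIR/mon_internal_key.pem" -o user_fetcher:group_solomon -p 440 -k 7F001DBBBC5D5E24B6572230DB0002001DBBBC_private_key --format "{value}" # SOLOMON-8807

            $SEC_SCRIPT -i sec-01dk6xqsw706fav703xw79xr43 -f "$SEC_DIR/mds.secret" -p 400 -o user_backup -k AccessKeyId,AccessSecretKey --format "$MDS_FMT"
            $SEC_SCRIPT -i sec-01e64dej5as3zqkfwacqe6t13p -f "$SEC_DIR/yt.secret" -p 400 -o user_backup -k YTToken --format "{value}"
            ;;
        testing)
            if check_conductor_group solomon_test_front ; then
                #SSL_SECRET="sec-01enqrzxxhrak5608t2bn2by8k"
                #SSL_KEY_ID="7F0010E67CADBF35A1AF37E25A00020010E67C"
                #$SEC_SCRIPT -i $SSL_SECRET -f /etc/nginx/ssl/solomon-test_cert.pem -p 400 -k ${SSL_KEY_ID}_certificate --format "{value}"
                #$SEC_SCRIPT -i $SSL_SECRET -f /etc/nginx/ssl/solomon-test_key.pem -p 400 -k ${SSL_KEY_ID}_private_key --format "{value}"

                $SEC_SCRIPT -i sec-01esv0tgpe035ykep9sfxsvyac -f "$SEC_DIR/logbroker_secret" -p 400 -k client_secret --format "{value}"
            fi

            $SEC_SCRIPT -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_private.key" -o user_fetcher:group_solomon -p 400 -k preprod.private.key --format "{value}" # SOLOMON-4052
            $SEC_SCRIPT -i sec-01d88cyae0kdnphnrpyyj7ga72 -f "$SEC_DIR/fetcher_public.key" -o user_fetcher:group_solomon -p 400 -k preprod.public.key --format "{value}" # SOLOMON-4052
            ;;
        *)
            echo "Unknown environment: $ENV"
            exit 1
            ;;
    esac
    rm -vf "$SEC_CACHE"
    # The cache is gone; drop the handler so later code sees no EXIT trap.
    trap - EXIT

}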


#-------------------------------------------------------------------------


# Maintainer-script dispatch on the action passed as the first argument.
case "$1" in
    abort-upgrade|abort-remove|abort-deconfigure)
        # No work is done for these actions.
        ;;

    configure)
        post_install
        ;;

    *)
        echo "postinst was called with unknown argument '$1'" >&2
        exit 1
        ;;
esac

# The marker below is replaced by debhelper at package build time; keep it
# on a line of its own.
#DEBHELPER#

exit 0
