#!/usr/bin/env bash

# Stop at the first failing command and treat a pipeline as failed when any
# stage fails. nounset (-u) is not enabled, so a variable that is never set
# expands to the empty string in everything below.
set -e -o pipefail
# A glob that matches nothing expands to nothing, not to the literal pattern.
shopt -s nullglob

# Absolute path of the directory containing this script ($0). Every helper
# below is loaded from that same directory.
WHEREAMI="$(cd "$(dirname "$0")" && pwd)"

# The helpers are sourced, so they run inside this shell: whatever they define
# or export stays visible here, and a failure in one of them ends this script
# because of `set -e`.

# Common routines.
source "${WHEREAMI}/routines"

# Check that the user-provided parameters are set.
source "${WHEREAMI}/chk-usr-env"

# Common default parameters.
source "${WHEREAMI}/set-default-env"

# Manager TLS assets, generated only when needed.
source "${WHEREAMI}/gen-mgr-tls-assets"

# --------------------------- Set Default Parameters ---------------------------

# Each parameter keeps the value from the environment when it is set and
# non-empty; otherwise the built-in default is assigned.
: "${MANAGER_CONFIG_DIR:=/etc/opt/imply/manager}"

: "${IMPLY_MANAGER_FE_PORT:=9097}"
: "${IMPLY_MANAGER_FE_VERBOSE:=false}"
: "${IMPLY_MANAGER_FE_ONPREM_MODE:=onPremCattle}"
# The var dir falls back to the config dir resolved just above.
: "${IMPLY_MANAGER_FE_VAR_DIR:=${MANAGER_CONFIG_DIR}}"

# Manager FE only recognizes "pg" as the PostgreSQL store type, while JDBC
# (used by Manager BE) only recognizes "postgresql". Users are asked for
# "postgresql" and it is translated here, so from this point on the variable
# holds "pg" for a PostgreSQL store.
case "${IMPLY_MANAGER_STORE_TYPE}" in
  postgresql) IMPLY_MANAGER_STORE_TYPE="pg" ;;
esac

# --------------------------------- Load Version -------------------------------

# Source the version file from the config dir. IMPLY_MANAGER_VERSION, used in
# the template below, is presumably defined there - confirm.
. "${MANAGER_CONFIG_DIR}"/imply-manager.version

# ------------------------- Generate Manager-FE Config -------------------------

# Path of the generated file. This section truncates and rewrites it; every
# later section appends to it.
MANAGER_FE_CONFIG="${MANAGER_CONFIG_DIR}"/manager-fe.yaml

# Base configuration.
#
# The heredoc deliberately ends inside `stateStore.connection`: the store TLS
# section appends an `ssl:` mapping at that indentation, so it only nests
# correctly when it is the next thing appended to the file.
#
# NOTE(review): this file ends up holding the state-store password and, from
# later sections, the manager auth token, the license key and TLS private
# keys. It is created with whatever umask the process has; nothing visible in
# this script sets a umask or chmods the file. Confirm that it is readable
# only by the account that runs Manager FE.
#
# NOTE(review): values are substituted verbatim inside single-quoted YAML
# scalars. A value containing a single quote is not escaped (YAML expects ''
# inside such a scalar), so the generated file would be invalid or structured
# differently than intended. Validate or escape such values before they get
# here.
cat <<EOT > "${MANAGER_FE_CONFIG}"
#
# This file was automatically generated and should not be edited. 
#

verbose: ${IMPLY_MANAGER_FE_VERBOSE}
port: ${IMPLY_MANAGER_FE_PORT}
varDir: '${IMPLY_MANAGER_FE_VAR_DIR}'
managerHost: '${IMPLY_MANAGER_HOST}:${IMPLY_MANAGER_BE_PORT}'
externalClarity: https://clarity.imply.io
environment: '${IMPLY_MANAGER_FE_ONPREM_MODE}' 
distributionVersion: '${IMPLY_MANAGER_VERSION}'
superPrincipal: '${IMPLY_MANAGER_SUPER_PRINCIPAL}'
stateStore:
  type: '${IMPLY_MANAGER_STORE_TYPE}'
  tablePrefix: 'manager-fe-'
  connection:
    host: '${IMPLY_MANAGER_STORE_HOST}'
    port: ${IMPLY_MANAGER_STORE_PORT}
    user: '${IMPLY_MANAGER_STORE_USER}'
    password: '${IMPLY_MANAGER_STORE_PASSWORD}'
    database: '${IMPLY_MANAGER_STORE_DATABASE}'
EOT

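# ----------------- Configure TLS Connection to Manager Store ------------------

# This section must be the first thing appended after the base config. The
# `ssl:` mapping is indented to continue `stateStore.connection`, the last
# mapping the base heredoc leaves open. The HSTS line used to be appended
# before it; a top-level key at that point closes `connection`, so with both
# HSTS and a store CA configured the `ssl:` block no longer belonged to the
# connection and the YAML was malformed. HSTS is therefore written afterwards.
if [[ -f "${IMPLY_MANAGER_STORE_CA_CERT_PATH}" ]]; then
  # CA used to verify the state store's server certificate.
  cat <<EOT >> "${MANAGER_FE_CONFIG}"
    ssl:
      ca: |-
$(indent 4 < "${IMPLY_MANAGER_STORE_CA_CERT_PATH}")
EOT

  # Verification switch for a PostgreSQL store. Two defects are fixed here:
  #  - the test compared against "postgresql", but the defaults section has
  #    already rewritten that value to "pg", so the branch could never run and
  #    IMPLY_MANAGER_REJECT_PG_SELF_SIGNED_CERT was silently ignored;
  #  - the line was appended to /opt/imply/onprem-fe/config.yaml, although its
  #    indentation only makes sense as part of the `ssl:` mapping written
  #    above, i.e. in ${MANAGER_FE_CONFIG}.
  # Both spellings are accepted so this does not depend on the normalization.
  # NOTE(review): confirm no deployment relies on the old target path.
  # NOTE(review): the value is emitted as a quoted YAML string, not a boolean;
  # confirm Manager FE interprets "false" as intended. Judging by the option
  # name, "false" stops certificate verification for the store connection, so
  # the default of "true" should be kept wherever the store is reached over a
  # network that is not fully trusted.
  if [[ "${IMPLY_MANAGER_STORE_TYPE}" == "pg" ||
        "${IMPLY_MANAGER_STORE_TYPE}" == "postgresql" ]]; then
    cat <<EOT >> "${MANAGER_FE_CONFIG}"
      rejectUnauthorized: "${IMPLY_MANAGER_REJECT_PG_SELF_SIGNED_CERT:-true}"
EOT
  fi

  # ---------------------- Maybe set Client Cert Key Pair ----------------------

  # Client certificate and key are written only when both files exist. The
  # private key is copied into the config file in clear text, so the config
  # file needs the same protection as the key file itself.
  if [[ -f "${IMPLY_MANAGER_STORE_CLIENT_CERT_PATH}" &&
        -f "${IMPLY_MANAGER_STORE_CLIENT_KEY_PATH}" ]]; then
    cat <<EOT >> "${MANAGER_FE_CONFIG}"
      cert: |-
$(indent 4 < "${IMPLY_MANAGER_STORE_CLIENT_CERT_PATH}")
      key: |-
$(indent 4 < "${IMPLY_MANAGER_STORE_CLIENT_KEY_PATH}")
EOT
  fi
fi

# ----------------------------- HSTS Configuration -----------------------------

# Top-level key, written only when a value is provided. It has to come after
# the store TLS section (see above).
if [[ -n "${IMPLY_MANAGER_STRICT_TRANSPORT_SECURITY}" ]]; then
  cat <<EOT >> "${MANAGER_FE_CONFIG}"
strictTransportSecurity: '${IMPLY_MANAGER_STRICT_TRANSPORT_SECURITY}'
EOT
fi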

# ---------------------------- Configure License Key ---------------------------

# Append the license key when one is provided.
# NOTE(review): the value is placed verbatim inside a single-quoted YAML
# scalar; a single quote in it is not escaped.
if [[ -n "${IMPLY_MANAGER_LICENSE_KEY}" ]]; then
  printf "licenseKey: '%s'\n" "${IMPLY_MANAGER_LICENSE_KEY}" \
    >> "${MANAGER_FE_CONFIG}"
fi

# ------------------------ Configure Authentication Token ----------------------

# When an auth token is provided it is written as the basic-auth password for
# the fixed user name "imply". The token is stored in clear text in the
# generated file, so that file needs to be protected like the token itself.
if [[ -n "${IMPLY_MANAGER_AUTH_TOKEN}" ]]; then
  printf "managerAuthToken:\n  type: basic-auth\n  username: imply\n  password: '%s'\n" \
    "${IMPLY_MANAGER_AUTH_TOKEN}" >> "${MANAGER_FE_CONFIG}"
fi

# -------------------------------- Configure TLS -------------------------------

# Embed the manager CA certificate as a block scalar when the file exists.
if [[ -f "${IMPLY_MANAGER_CA_CERT_PATH}" ]]; then
  cat >> "${MANAGER_FE_CONFIG}" <<EOT
managerCert: |-
$(indent < "${IMPLY_MANAGER_CA_CERT_PATH}")
EOT
fi

# Minimum TLS version offered on the FE port. Only the exact string "true" in
# IMPLY_MANAGER_FE_PORT_DISABLE_LEGACY_TLS raises it to TLSv1.2; any other
# value, including unset, keeps TLSv1.
# NOTE(review): the default therefore still permits TLS 1.0 and 1.1, which
# RFC 8996 deprecates. Set IMPLY_MANAGER_FE_PORT_DISABLE_LEGACY_TLS=true
# unless a legacy client genuinely requires the old versions.
if [[ "${IMPLY_MANAGER_FE_PORT_DISABLE_LEGACY_TLS}" == "true" ]]; then
  IMPLY_MANAGER_FE_PORT_MIN_TLS_VERSION="TLSv1.2"
else
  IMPLY_MANAGER_FE_PORT_MIN_TLS_VERSION="TLSv1"
fi

# HTTPS is configured only when both the key file and the certificate file
# exist. The private key is copied into the generated config in clear text.
if [[ -f "${IMPLY_MANAGER_SSL_KEY_PATH}" ]] &&
   [[ -f "${IMPLY_MANAGER_SSL_CERT_PATH}" ]]; then
  cat >> "${MANAGER_FE_CONFIG}" <<EOT
serverHttpsOptions:
  cert: |-
$(indent 2 < "${IMPLY_MANAGER_SSL_CERT_PATH}")
  key: |-
$(indent 2 < "${IMPLY_MANAGER_SSL_KEY_PATH}")
  minVersion: ${IMPLY_MANAGER_FE_PORT_MIN_TLS_VERSION}
EOT
fi

# ------------------------------ Log Configuration -----------------------------

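# Print the generated config with secrets masked.
#
# VERBOSE_CONFIG_GEN is executed as a command, so it is expected to hold
# `true` or `false`. An unset or empty value now falls back to `false`; before,
# it expanded to an empty command name and produced a "command not found"
# error on stderr.
#
# Masking rules:
#  - any line with a key containing "password" (case-insensitive),
#  - any line with a key containing "licenseKey" (case-insensitive),
#  - every line of a PEM private-key block. The previous filter left these
#    untouched, so the store client key and the HTTPS server key were printed
#    in full whenever verbose output was enabled.
# NOTE(review): the third rule relies on the keys being PEM encoded, with
# BEGIN/END ... PRIVATE KEY marker lines; a key in another encoding would still
# be printed.
if "${VERBOSE_CONFIG_GEN:-false}"; then
  echo -e "\n[${MANAGER_FE_CONFIG}]"

  sed \
    -e 's/^\(.*password[^:]*:\).*$/\1 **********/gI' \
    -e 's/^\(.*licenseKey[^:]*:\).*$/\1 **********/gI' \
    -e '/-----BEGIN [A-Z ]*PRIVATE KEY-----/,/-----END [A-Z ]*PRIVATE KEY-----/s/^\([[:space:]]*\).*$/\1**********/' \
    "${MANAGER_FE_CONFIG}"
fi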
