#!/bin/sh

set -e

if ! [ -r /etc/openstack-debian-images-updater/openstack-debian-images-updater.conf ] ; then
	echo "Cannot read configuration in etc/openstack-debian-images-updater/openstack-debian-images-updater.conf"
	exit 1
fi

. /etc/openstack-debian-images-updater/openstack-debian-images-updater.conf

for CREDENTIAL_FILE in $(echo ${CREDENTIAL_LIST} | tr ',' ' ') ; do
	unset IMAGE_TYPE
	unset RELEASES
	unset OCTAVIA_IMAGE
	unset MANILA_IMAGE
	unset HASHICORP_VAULT_LOGIN_URL
	unset HASHICORP_VAULT_ROLE_ID
	unset HASHICORP_VAULT_SECRET_ID
	unset HASHICORP_VAULT_TOKEN
	unset HASHICORP_VAULT_SECRET_URL
	unset HASHICORP_VAULT_JSON_PATH_OS_AUTH_URL
	unset HASHICORP_VAULT_JSON_PATH_OS_PASSWORD
	unset HASHICORP_VAULT_JSON_PATH_OS_USERNAME
	. /etc/openstack-debian-images-updater/${CREDENTIAL_FILE}

	if [ -n "${HASHICORP_VAULT_LOGIN_URL}" ] ; then
		if [ -n "${HASHICORP_VAULT_ROLE_ID}" ] && [ "${HASHICORP_VAULT_SECRET_ID}" ] ; then
			HASHICORP_VAULT_TOKEN=$(curl -s --request POST --data '{"role_id":"'${HASHICORP_VAULT_ROLE_ID}'","secret_id":"'${HASHICORP_VAULT_SECRET_ID}'"}' ${HASHICORP_VAULT_LOGIN_URL} | jq '.["auth"]["client_token"]' -r)
		fi
		if [ -n "${HASHICORP_VAULT_TOKEN}" ] ; then
			if [ -n "${HASHICORP_VAULT_JSON_PATH_OS_AUTH_URL}" ] ; then
				export OS_AUTH_URL=$(curl -s -sS -H "X-Vault-Token: ${HASHICORP_VAULT_TOKEN}" ${HASHICORP_VAULT_SECRET_URL} -H "accept: */*" | jq -r ${HASHICORP_VAULT_JSON_PATH_OS_AUTH_URL})
			fi
			if [ -n "${HASHICORP_VAULT_JSON_PATH_OS_PASSWORD}" ] ; then
				export OS_PASSWORD=$(curl -s -sS -H "X-Vault-Token: ${HASHICORP_VAULT_TOKEN}" ${HASHICORP_VAULT_SECRET_URL} -H "accept: */*" | jq -r ${HASHICORP_VAULT_JSON_PATH_OS_PASSWORD})
			fi
			if [ -n "${HASHICORP_VAULT_JSON_PATH_OS_USERNAME}" ] ; then
				export OS_USERNAME=$(curl -s -sS -H "X-Vault-Token: ${HASHICORP_VAULT_TOKEN}" ${HASHICORP_VAULT_SECRET_URL} -H "accept: */*" | jq -r ${HASHICORP_VAULT_JSON_PATH_OS_USERNAME})
			fi
		fi
	fi
	echo "=========> Checking if images at ${OS_AUTH_URL} need updates"

	# Check for all releases
	if [ -n ${RELEASES} ] ; then for RELEASE in $(echo ${RELEASES} | tr ',' ' ') ; do
		echo "---> Checking for ${RELEASE} at ${OS_AUTH_URL}"
		LATEST=$(curl -s ${BUILD_FARM_URL}/${RELEASE}/current/latest)
		IMG_FILENAME=${LATEST}.${IMAGE_TYPE}
		echo "-> Latest in build farm is ${IMG_FILENAME}"
		IMAGE=$(openstack image list --property os_distro=debian --format value -c Name --name ${IMG_FILENAME})
		if [ -z "${IMAGE}" ] ; then
			echo "-> Needs update..."
			rm -f ${IMG_FILENAME}
			IMAGE_VERSION=$(curl -s ${BUILD_FARM_URL}/${RELEASE}/current/current_point_release)
			if echo ${IMAGE_VERSION} | grep -q '~' ; then
				echo "Not released Debian"
			else
				MINOR_VERSION=$(curl -s ${BUILD_FARM_URL}/${RELEASE}/current/current_minor_version)
				IMAGE_VERSION="${IMAGE_VERSION}.${MINOR_VERSION}"
			fi
			wget ${BUILD_FARM_URL}/${RELEASE}/current/${IMG_FILENAME}
			openstack image create \
				--container-format bare \
				--disk-format ${IMAGE_TYPE} \
				--property hw_disk_bus=scsi \
				--property hw_scsi_model=virtio-scsi \
				--property os_type=linux \
				--property os_distro=debian \
				--property os_version=${IMAGE_VERSION} \
				--file ${IMG_FILENAME} \
				--public \
				${IMG_FILENAME}
			rm -f ${IMG_FILENAME}
		else
			echo "-> Image already present"
		fi
	done ; fi
	# Check for the Octavia Amphora
	if [ -n "${OCTAVIA_IMAGE}" ] ; then
		echo "---> Checking for octavia image ${OCTAVIA_IMAGE} at ${OS_AUTH_URL}"
		LATEST=$(curl -s ${BUILD_FARM_URL}/octavia/${OCTAVIA_IMAGE}/current/latest)
		IMG_FILENAME=${LATEST}.${IMAGE_TYPE}
		echo "-> Latest in build farm is ${IMG_FILENAME}"
		IMAGE=$(openstack image list --tag amphora --format value -c Name)
		if [ "${IMAGE}" != "${IMG_FILENAME}" ] ; then
			echo "-> Octavia image needs update..."
			wget ${BUILD_FARM_URL}/octavia/${OCTAVIA_IMAGE}/current/${IMG_FILENAME}
			openstack image create \
				--container-format bare \
				--disk-format ${IMAGE_TYPE} \
				--property hw_disk_bus=scsi \
				--property hw_scsi_model=virtio-scsi \
				--property os_type=linux \
				--property os_distro=debian \
				--property os_version=${IMAGE_VERSION} \
				--tag amphora \
				--file ${IMG_FILENAME} \
				${IMG_FILENAME}
			rm -f ${IMG_FILENAME}
			if [ -n "${IMAGE}" ] ; then
				openstack image unset --tag amphora ${IMAGE}
			fi
		else
			echo "-> Octavia image up-to-date"
		fi
	fi

	# Check for an update to the Manila image
	if [ -n "${MANILA_IMAGE}" ] ; then
		set -x
		echo "---> Checking for Manila image ${MANILA_IMAGE} at ${OS_AUTH_URL}"
		LATEST=$(curl -s ${BUILD_FARM_URL}/manila/${MANILA_IMAGE}/current/latest)
		IMG_FILENAME=${LATEST}.${IMAGE_TYPE}
		LATEST_SHA512SUM=$(curl -s ${BUILD_FARM_URL}/manila/${MANILA_IMAGE}/current/SHA512SUMS | grep ${IMG_FILENAME} | awk '{print $1}')
		echo "-> Latest in build farm is ${IMG_FILENAME} with checksum ${LATEST_SHA512SUM}"
		DEPLOYMENT_SHA512SUM=$(openstack image show manila-service-image --format json -c properties | jq -r '.["properties"]["os_hash_value"]' || true)
		if [ "${DEPLOYMENT_SHA512SUM}" != "${LATEST_SHA512SUM}" ] ; then
			wget ${BUILD_FARM_URL}/manila/${MANILA_IMAGE}/current/${IMG_FILENAME}
			openstack image delete manila-service-image || true
			openstack image create \
				--container-format bare \
				--disk-format ${IMAGE_TYPE} \
				--property hw_disk_bus=scsi \
				--property hw_scsi_model=virtio-scsi \
				--property os_type=linux \
				--property os_distro=debian \
				--property os_version=${IMAGE_VERSION} \
				--file ${IMG_FILENAME} \
				manila-service-image
			rm -f ${IMG_FILENAME}
		fi
	fi
done
