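#!/bin/bash
# Manage the certmonger tracking request for an overcloud certificate issued
# by certmonger's "local" CA.
#
# Usage:
#   <script> request  <container_name> <overcloud_fqdn>
#   <script> resubmit <container_name> <overcloud_fqdn>
#   <script> query    <container_name>
#
# Exit status: 1 for an unknown action or an argument that fails validation;
# otherwise the status of the last getcert command that ran (0 when an
# existing request is left untouched).
set -x

action=$1
overcloud_container_name=$2

# Reject unknown actions before anything else is evaluated.
case "$action" in
  request | resubmit | query) ;;
  *)
    echo "Unkown action $action"
    exit 1
    ;;
esac

# The container name is embedded in the request nickname, in the certificate
# and key paths, and in the -C post-save command string that certmonger
# executes after saving the certificate. Restricting it to an allow-list
# (no '/', whitespace or shell metacharacters) keeps the paths under
# /etc/pki/tls and stops the name from adding words to that command.
# NOTE(review): the allow-list assumes container names only use these
# characters; widen it deliberately if other names must be supported.
case "$overcloud_container_name" in
  '' | *[!A-Za-z0-9_.-]*)
    echo "Invalid container name" >&2
    exit 1
    ;;
esac

request_id="overcloud-${overcloud_container_name}-cert"

if [[ "$action" == 'query' ]]; then
  /usr/bin/getcert list -c local -i "$request_id"
else
  overcloud_fqdn=$3
  OVERCLOUD_CERT_PATH="/etc/pki/tls/certs/overcloud-${overcloud_container_name}-cert.pem"
  OVERCLOUD_KEY_PATH="/etc/pki/tls/private/overcloud-${overcloud_container_name}-key.pem"
  post_save_cmd="/usr/bin/chown mistral:mistral $OVERCLOUD_CERT_PATH $OVERCLOUD_KEY_PATH"

  # Validate that overcloud_fqdn is actually an FQDN. grep matches line by
  # line, so a multi-line value would pass as soon as one of its lines looked
  # like an FQDN; embedded newlines are therefore rejected explicitly.
  # printf is used instead of echo so a value such as "-n" is passed to grep
  # as data rather than being consumed as an echo option.
  if [[ "$overcloud_fqdn" == *$'\n'* ]] ||
    ! printf '%s\n' "$overcloud_fqdn" |
      grep -qP '(?=^.{1,254}$)(^(?>(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)'; then
    exit 1
  fi

  # Skip a new request when certmonger already tracks one under this
  # nickname; a resubmit is always attempted.
  /usr/bin/getcert list -c local -i "$request_id" > /dev/null
  request_exists=$?

  if [[ $request_exists != 0 || "$action" == 'resubmit' ]]; then
    if [[ "$action" == "request" ]]; then
      /usr/bin/getcert request -c local \
        -I "$request_id" \
        -f "$OVERCLOUD_CERT_PATH" \
        -k "$OVERCLOUD_KEY_PATH" \
        -N "CN=${overcloud_fqdn}" \
        -D "$overcloud_fqdn" \
        -C "$post_save_cmd" \
        -w -v
    else
      /usr/bin/getcert resubmit -c local \
        -i "$request_id" \
        -f "$OVERCLOUD_CERT_PATH" \
        -N "CN=${overcloud_fqdn}" \
        -D "$overcloud_fqdn" \
        -C "$post_save_cmd" \
        -w -v
    fi
  fi
fi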