#!/bin/bash
#
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# install_keystone() - Collect source and prepare
function install_keystone {
	echo "Both installation and startup are included in the deployment of keystone crd."
}
export -f install_keystone

# init_keystone() - Initialize databases, etc.
function init_keystone {

	# NOTE(mnaser): Permissions here are bad but it's temporary so we don't care as much.
	sudo chmod -Rv 777 /etc/keystone

	if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then
		# (Re)create keystone database
		recreate_database keystone
	fi

	# DB sync
	time_start "dbsync"
	sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF db_sync
	time_stop "dbsync"

	# Get fernet keys
	if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
		rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
		mkdir "$KEYSTONE_CONF_DIR/fernet-keys/"
		sudo chmod -Rv 777 "$KEYSTONE_CONF_DIR/fernet-keys/"
		sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF fernet_setup --keystone-user 65534 --keystone-group 65534
	fi

	# Get credential keys
	rm -rf "$KEYSTONE_CONF_DIR/credential-keys/"
	sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF credential_setup --keystone-user 65534 --keystone-group 65534

}
export -f init_keystone

# start_keystone() - Start running processes
function start_keystone {

	# install keystone
	cat <<EOF | kubectl apply -f-
---
apiVersion: identity.openstack.org/v1alpha1
kind: Keystone
metadata:
  name: devstack
spec:
  configDir: ${KEYSTONE_CONF_DIR}
EOF
	# rollout keystone
	kubernetes_rollout_status keystone-devstack

	# Get right service port for testing
	local service_port=$KEYSTONE_SERVICE_PORT
	local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
	if is_service_enabled tls-proxy; then
		service_port=$KEYSTONE_SERVICE_PORT_INT
		auth_protocol="http"
	fi

	proxy_pass_to_kubernetes /identity keystone-devstack

	echo "Waiting for keystone to start..."
	# Check that the keystone service is running. Even if the tls tunnel
	# should be enabled, make sure the internal port is checked using
	# unencryted traffic at this point.
	# If running in Apache, use the path rather than port.

	local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/

	if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
		die $LINENO "keystone did not start"
	fi

	# Start proxies if enabled
	if is_service_enabled tls-proxy; then
		start_tls_proxy keystone-service '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT
		start_tls_proxy keystone-auth '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT
	fi

	# (re)start memcached to make sure we have a clean memcache.
	kubectl rollout restart statefulset/memcached-devstack
}
export -f start_keystone

# bootstrap_keystone() - Initialize user, role and project
# This function uses the following GLOBAL variables:
# - ``KEYSTONE_BIN_DIR``
# - ``ADMIN_PASSWORD``
# - ``IDENTITY_API_VERSION``
# - ``KEYSTONE_AUTH_URI``
# - ``REGION_NAME``
# - ``KEYSTONE_SERVICE_PROTOCOL``
# - ``KEYSTONE_SERVICE_HOST``
# - ``KEYSTONE_SERVICE_PORT``
function bootstrap_keystone {
	kubectl exec deploy/keystone-devstack -- keystone-manage bootstrap \
		--bootstrap-username admin \
		--bootstrap-password "$ADMIN_PASSWORD" \
		--bootstrap-project-name admin \
		--bootstrap-role-name admin \
		--bootstrap-service-name keystone \
		--bootstrap-region-id "$REGION_NAME" \
		--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
		--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
}
export -f bootstrap_keystone