#! /usr/bin/env bash
set -e

if [[ $# -lt 1 ]]; then
    MYNAME="$(basename $0)"
    cat - <<USAGE
$MYNAME
Grab dns-ingress tls certs from local k3s secrets and copy over to
szdocker's adguard

Usage:
    $MYNAME <app-name> [<secret-name> [cmdline with \$FILE receiving content]]

Example:
    $MYNAME dns-ingress external-service-tls-0 '{ 
        echo /opt/adguardhome/conf/\$FILE;
        ssh szdocker@szdocker.lan sudo tee /srv/containeriszed/0.local/adguardhome/conf/\$FILE > /dev/null;
    }'

Arguments
    app-name    - name of the ix-app
    secret-name - name of the secret, when ommitted, a sorted list of
                  secrets will be listed
    cmdline...  - Command to run on the secret, \$FILE will be the
                  secret name, where stdin will contain the content of
                  the secret

USAGE
    false
else
    APPNAME="${1}"
    NS="--namespace=ix-${APPNAME:?Appname was not specified}"
    if [[ -z "${2}" ]]; then
        # shellcheck disable=SC2086 # ${NS} unqouted on purpose
        k3s kubectl get secrets ${NS} | sort
        exit
    fi
    SECRETNAME="${APPNAME}-${2}"
    PIPECMD="${*:3}"
    PIPECMD="${PIPECMD:-cat -}"
    # shellcheck disable=SC2086 # ${NS} unqouted on purpose
    mapfile -t FILES < <(k3s kubectl get secrets ${NS} "${SECRETNAME}" --output=json | jq -r '.data | keys[]')
    for FILE in "${FILES[@]}"; do
        # shellcheck disable=SC2086 # ${NS} and $PIPECMD unqouted on purpose
        k3s kubectl get secrets ${NS} "${SECRETNAME}" --output=json | jq -r '.data["'"${FILE}"'"] | @base64d' | eval $PIPECMD
    done
fi