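#!/usr/bin/env bash
#
# Lists the database credentials stored in Kubernetes secrets of TrueChart
# apps (namespaces named ix-<app>), either as a table or as JSON.
#
# Environment read by this script:
#   SHRC_D    - directory holding 01_util.functions (defaults to the
#               directory this script lives in)
#   TCDBCOLS  - column preset or comma-separated column list, used when
#               --cols is not given
#   NOHEAD    - when non-empty, the table header row is omitted
#   SUDO_USER - when set, USER_HOME is resolved to that account's home
#
# The 'default' preset and --json print passwords in clear text; the 'safe'
# preset drops the password column and 'debug' prints a masked URL only.

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

# Resolve the invoking user's home from the passwd database instead of
# eval-ing "~$SUDO_USER": the variable comes from the environment and must
# never be interpreted as shell code.
# USER_HOME is not used below; presumably 01_util.functions reads it.
USER_HOME=$HOME
if [[ -n "${SUDO_USER}" ]]; then
  sudo_home=$(getent passwd -- "${SUDO_USER}" | cut -d: -f6)
  if [[ -n "$sudo_home" ]]; then
    USER_HOME=$sudo_home
  fi
fi

# NOTE(review): this file is sourced before require_root runs, from a path
# the caller's environment can set through SHRC_D. The script is meant to run
# as root, so that directory should be writable by root only.
. "${SHRC_D:-$SCRIPT_DIR}/01_util.functions"

set -e

JSON=0

if [[ " $* " == *" --help "* ]]; then
  # NOTE(review): the synopsis line and the <cols> placeholders are
  # reconstructed from the option parser below; confirm against the original.
  cat <<USAGE
Usage: ${0##*/} [--json] [--cols=<cols>] [--force] [app1] [app...]

Description:
  When running the script (as root) without any arguments, it will list all
  TrueChart apps with database credential secrets. The scope can be narrowed
  by passing app name arguments.
  The FIRST argument, however, will affect the output:

  --help         - Display this usage text.
  --json         - Output all fields in JSON format
  --cols=<cols>  - Where <cols> can be empty, a preset name or a comma
                   delimited list of columns.
                   An empty string will show the default preset.

    Presets:
      default  - The default preset
      safe     - Similar to the default, but without the password column
      debug    - Full connection URL with password masked with asterisks ('******')

    Columns:
      name     - App name, preceding with ix-
      raw_url  - DB connection URL as it is stored in kubernetes secrets.
                 This can only be used within the same pod
      url      - Fully formed URL.
      safeurl  - Same as url, with password masked.
      protocol - Connection protocol.
      username - DB Username
      password - Password
      pwd_len  - Password length
      host     - Hostname
      port     - Conection Port
      dbname   - DB name

  When '--cols' is not specified, default behavious can be overridden by
  exporting the TCDBCOLS envrionment variable.
  --cols takes presedence, and overrides any behavior dictated by the
  environment variable
USAGE
  exit 0
fi

# --- Option parsing ---------------------------------------------------------
# Options are recognised until a literal "--"; every other word is collected
# as an app name. An empty argument ends parsing. --force keeps entries that
# have no connection URL stored in the secret.
ARGS=()
ARGS_MODE=1
ALL=0
while [[ -n "$1" ]]; do
  # String comparison on purpose: ARGS_MODE becomes '--' after the separator,
  # which is not a valid arithmetic operand for -eq.
  if [[ "$ARGS_MODE" == 1 && "$1" == --* ]]; then
    case "$1" in
      --json)
        JSON=1
        ;;
      --cols*)
        if [[ "$1" == --cols=* ]]; then
          TCDBCOLS=${1#--cols=}
        elif (( $# > 1 )); then
          # "--cols <value>": consume the following word as the value.
          shift
          TCDBCOLS=${1#--cols=}
        else
          # "--cols" as the last word: empty value, i.e. the default preset.
          # Shifting twice here would fail and abort the script under set -e.
          TCDBCOLS=
        fi
        ;;
      --force)
        ALL=1
        ;;
      --)
        ARGS_MODE='--'
        ;;
      *)
        ARGS+=("$1")
        ;;
    esac
  else
    ARGS+=("$1")
  fi
  shift
done

# --- Column selection -------------------------------------------------------
TCDBCOLS="${TCDBCOLS:-default}"
case "$TCDBCOLS" in
  default) TCDBCOLS='name,protocol,username,password,pwd_len,host,port,dbname' ;;
  safe)    TCDBCOLS='name,protocol,username,pwd_len,host,port,dbname' ;;
  debug)   TCDBCOLS='name,safeurl' ;;
esac

# The column list is spliced into a jq program further down, so accept plain
# column identifiers only.
cols_re='^[a-z_]+(,[a-z_]+)*$'
if [[ ! "$TCDBCOLS" =~ $cols_re ]]; then
  printf 'Invalid column list: %s\n' "$TCDBCOLS" >&2
  exit 2
fi

# Presumably provided by 01_util.functions.
require_root

# --- Secret query -----------------------------------------------------------
# One kubectl call per requested app namespace, or a single call across all
# namespaces. Kept as an array so an app name is always passed as one word.
namespace_args=(-A)
if (( ${#ARGS[@]} > 0 )); then
  namespace_args=("${ARGS[@]/#/--namespace=ix-}")
fi

# Stage 1 picks the credential secrets and decodes either the stored URL or
# the bare username/password pair; stage 2 splits a URL into its parts;
# stage 3 produces the flat record whose keys are the selectable columns.
jqcode='
  .items[]
  | select(.metadata.name | test("(dbcreds|cnpg-main-urls|-superuser)$$"))
  | {
      "name": .metadata.namespace,
      "app": (
        if .metadata.labels."app.kubernetes.io/instance" != null
        then .metadata.labels."app.kubernetes.io/instance"
        else .metadata.labels."cnpg.io/cluster"
        end
      ),
      "url": (
        if .data.url != null then .data.url | @base64d
        elif .data.std != null then .data.std | @base64d
        else {
          "protocol": "",
          "username": .data.username | @base64d,
          "password": .data.password | @base64d,
          "passwordlen": .data.password | @base64d | length,
          "host": "",
          "port": "",
          "dbname": ""
        }
        end
      ),
      "raw": .
    }
  | {
      "name": .name,
      "app": .app,
      "url": ( if (.url|type) == "object" then "" else .url end ),
      "data": (
        if (.url|type) == "object" then .url
        else
          .url
          | match("(.*)://(.+):(.+)@([^:]+)(:(\\d+))?/(.*)$")
          | .captures
          | {
              "protocol": .[0].string,
              "username": .[1].string,
              "password": .[2].string,
              "passwordlen": .[2].string | length,
              "host": .[3].string,
              "safeport": .[4].string,
              "port": .[5].string,
              "dbname": .[6].string
            }
        end
      )
    }
  | {
      "name": .name,
      "raw_url": .url,
      "url": "\(.data.protocol)://\(.data.username):\(.data.password)@\(.data.host).\(.name).svc.cluster.local\(.data.safeport // "")/\(.data.dbname)",
      "safeurl": "\(.data.protocol)://\(.data.username):*******@\(.data.host).\(.name).svc.cluster.local\(.data.safeport // "")/\(.data.dbname)",
      "protocol": .data.protocol,
      "username": .data.username,
      "password": .data.password,
      "pwd_len": .data.passwordlen,
      "host": "\(.data.host).\(.name).svc.cluster.local",
      "port": .data.port,
      "dbname": .data.dbname
    }
'

# Without --force, drop secrets that carry no connection URL.
if [[ "$ALL" -ne 1 ]]; then
  jqcode="$jqcode | select( .raw_url != \"\" )"
fi

json_results=$(
  for ns_arg in "${namespace_args[@]}"; do
    k3s kubectl get secrets --output json "$ns_arg"
  done | jq "$jqcode"
)

if [[ "$JSON" -eq 1 ]]; then
  printf '%s\n' "$json_results"
  exit 0
fi

# --- Table output -----------------------------------------------------------
# JQ_COLS is a JSON array of the column names (upper-cased below for the
# header row); JQ_COLS_REGEX is the matching list of jq field accessors.
JQ_COLS="[$(jq -rR 'split(",") | map("\"\(.)\"") | join(",")' <<<"$TCDBCOLS")]"
JQ_COLS_REGEX=$(jq -r 'map(".\(.)") | join(",")' <<<"$JQ_COLS")

if [[ -n "$NOHEAD" ]]; then
  JQ_COLS=
fi

jqcode='
  ['"${JQ_COLS^^}"'] + [.[] | ['"$JQ_COLS_REGEX"'] ]
  | .[]
  | join("|")
'

# "|" is the field separator handed to column(1): a value that itself
# contains "|" (a password, for instance) shifts the cells of its row.
# --json output is not affected.
jq -s '.' <<<"$json_results" | jq -r "$jqcode" | column -t -s '|'

exit 0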