#!/bin/sh
set -eu

envs='dev prod sandbox-1 security shared-services stage'

usage() {
    echo "$0: [-h|--help] [-e|--env SMILE_ENV ] [-l|--list] COMMAND [PARAMETER1 [PARAMETER2 ...]]"
    echo "You can either set the environment with -e or --env switch or set the SMILE_ENV environment variable."
    echo "Valid environments are: $envs"
}

vault_addr() {
    case "$1" in
        stage) echo "https://vault.smile-staging.aws";;
        prod) echo "https://vault.smile-production.aws";;
        security) return;;
        shared-services) return;;
        *) echo "https://vault.smile.aws";;
    esac
}

aws_account() {
    case "$1" in
        sandbox-1) echo "696774765305";;
        dev) echo "307739032832";;
        security) echo "777170570448";;
        shared-services) echo "877068819435";;
        stage) echo "389299793054";;
        prod) echo "964498696771";;
    esac
}

if [ "$#" -eq 0 ]
then
    usage
    exit 1
fi

if [ "$1" = -h ] || [ "$1" = --help ]
then
    usage
    exit 0
fi

if [ "$1" = -l ] || [ "$1" = --list ]
then
    echo "$envs"
    exit 0
fi

if [ "$1" = "-e" ] || [ "$1" = "--env" ]
then
    SMILE_ENV="$2"
    shift 2
elif [ -z "${SMILE_ENV:-}" ]
then
    usage
    exit 1
fi

if ! echo "$envs" | grep --quiet --fixed-strings --word-regex "$SMILE_ENV"
then
    echo "Environment $SMILE_ENV is not a valid one." >&2
    echo "Valid environments are: $envs" >&2
    exit 1
fi

export AWS_CONFIG_FILE="$HOME/.smile/aws/config"
export AWS_PROFILE="smile-$SMILE_ENV-admin"
export AWS_DEFAULT_PROFILE="$AWS_PROFILE"
export AWS_DEFAULT_REGION=us-east-1
export HELM_HOME="$HOME/.smile/helm/$SMILE_ENV-sre"
export HELM_TLS_ENABLE="true"
export HELM_TLS_VERIFY="true"
export KUBECONFIG="$HOME/.smile/kube/$SMILE_ENV/config"
export TILLER_NAMESPACE="applications-tiller"
# shellcheck disable=SC2155
export VAULT_ADDR="$(vault_addr "$SMILE_ENV")"
VAULT_CAPATH="$(bundle show smile-cli)/lib/vault_ca"
export VAULT_CAPATH

connected_vpn="$(dig env.smile.config TXT | xargs)"
if [ -n "$connected_vpn" ]
then
    if [ "$connected_vpn" != "$SMILE_ENV" ]
    then
        echo 'Connected to a different VPN than the requested environment.' >&2
        exit 1
    fi
    if [ -n "$VAULT_ADDR" ]
    then
        aws-vault exec "smile-$SMILE_ENV-admin" -- \
                vault login -method aws -no-print role=smile-ops
    fi
fi

eval exec aws-vault exec "smile-$SMILE_ENV-admin" -- "$@"