#!/usr/bin/env bash
#
# Copyright 2016-2017 Confluent Inc.
#

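# Strict mode:
#   nounset - expanding an unset variable is an error
#   errexit - abort on the first unhandled non-zero exit status
#   verbose - echo each script line as it is read (source text, before expansion)
set -o nounset \
    -o errexit \
    -o verbose

# Fail fast when a required setting is missing. The ${!name:-} form supplies an
# empty default, so nounset cannot abort with a bare "unbound variable" before
# the explicit message is printed; unset and empty are reported the same way.
for required_var in KAFKA_SECRETS_DIR KAFKA_LOG4J_DIR KAFKA_CONFIG_DIR CAAS_POD_ID; do
    if [ -z "${!required_var:-}" ]; then
        echo "ERROR: ${required_var} is required" >&2
        exit 1
    fi
done
unset required_var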

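# Effective broker configuration: the shared settings followed by this pod's
# own settings. An already existing file is kept untouched.
SERVER_PROPS_FILE="${KAFKA_CONFIG_DIR}/kafka.properties"
if [ -f "${SERVER_PROPS_FILE}" ]; then
  echo "Server properties file was already generated (by init container): ${SERVER_PROPS_FILE}"
else
  echo "Server properties file was not yet created...generating it: ${SERVER_PROPS_FILE}"
  # Assemble into a sibling file and rename it into place only after both parts
  # were read. Writing straight to the final path would leave a shared-only
  # kafka.properties behind if reading the pod file failed, and the -f test
  # above would then accept that truncated file on the next start.
  # errexit (enabled at the top of this script) stops the run on a failed read,
  # before the rename.
  server_props_tmp="${SERVER_PROPS_FILE}.tmp"
  {
    cat -- "${KAFKA_CONFIG_DIR}/shared/server-common.properties"
    # Make sure there's a new line between the files, so we won't concat lines together
    echo
    cat -- "${KAFKA_CONFIG_DIR}/pod/${CAAS_POD_ID}/server-pod.properties"
  } > "${server_props_tmp}"
  mv -f -- "${server_props_tmp}" "${SERVER_PROPS_FILE}"
fi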

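# Choose the certificate spec file: spec.json by default, specPem.json when the
# broker properties select the BCJSSE provider together with approved mode.
spec_file_name="spec.json"
if [ -f "${SERVER_PROPS_FILE}" ]; then
  echo "${SERVER_PROPS_FILE} file found."
  # Check if FIPS is enabled in kafka.properties.
  # -F matches the two settings literally (a '.' is not a regex wildcard). It is
  # still a substring match, so a commented-out or prefixed line also counts;
  # that errs toward requiring the PEM spec.
  # NOTE(review): a line written as "key = value" would not match, and the
  # script would continue with spec.json - confirm the generated properties
  # never carry whitespace around '='.
  if grep -qF -- "ssl.provider=BCJSSE" "${SERVER_PROPS_FILE}" && \
      grep -qF -- "confluent.security.bc.approved.mode.enable=true" "${SERVER_PROPS_FILE}"; then
    # use pem
    if [ -e "/mnt/sslcerts/specPem.json" ]; then
      echo "/mnt/sslcerts/specPem.json was found."
      spec_file_name="specPem.json"
    else
      # Fail closed: never continue with a non-PEM keystore on a FIPS cluster.
      # Sent to stderr like the other ERROR messages in this script.
      echo "ERROR: /mnt/sslcerts/specPem.json was not present on FIPS cluster, terminating." >&2
      exit 1
    fi
  fi
fi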

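# Resolve the keystore path and type from the selected spec file, or fall back
# to the default PKCS12 keystore when that spec file is not mounted.
spec_file_path="/mnt/sslcerts/${spec_file_name}"
if [ -e "${spec_file_path}" ]; then
  # "// empty" makes jq print nothing for a missing or null key. Plain -r prints
  # the string "null" instead, which passes the -z checks below and would end
  # up in the broker config as /mnt/sslcerts/null.
  keystore_location=$(jq -r '.ssl_keystore_filename // empty' "${spec_file_path}")
  keystore_type=$(jq -r '.ssl_certificate_encoding // empty' "${spec_file_path}")
  if [ -z "${keystore_location}" ]; then
    echo "ERROR: ssl_keystore_filename is missing from ${spec_file_path}" >&2
    exit 1
  fi
  # NOTE(review): the filename is appended as-is and is not checked for '/' or
  # '..'; that is only acceptable while the spec file is written by a trusted
  # component - confirm.
  export KEYSTORE_LOCATION="/mnt/sslcerts/${keystore_location}"
  export KEYSTORE_TYPE="${keystore_type}"
else
  # this block will never get executed on Approved mode FIPS cluster as if specPem.json was not found, the script would have
  # exited before
  echo "WARNING: ${spec_file_path} was not present, defaulting to /mnt/sslcerts/pkcs.p12"
  export KEYSTORE_LOCATION=/mnt/sslcerts/pkcs.p12
  export KEYSTORE_TYPE=PKCS12
fi

# Both values are substituted into kafka.properties, so neither may be empty.
if [ -z "$KEYSTORE_LOCATION" ]; then
    echo "ERROR: KEYSTORE_LOCATION is required" >&2
    exit 1
fi
if [ -z "$KEYSTORE_TYPE" ]; then
    echo "ERROR: KEYSTORE_TYPE is required" >&2
    exit 1
fi
echo "Keystore env vars: KEYSTORE_LOCATION=$KEYSTORE_LOCATION, KEYSTORE_TYPE=$KEYSTORE_TYPE"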

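# kafka.properties has literal markers ${KEYSTORE_LOCATION} and ${KEYSTORE_TYPE}.
# The code below substitutes the keystore location and type found above
# for these markers (first occurrence on each line).

# Escape what is special on the replacement side of s@...@...@: '\' and '&'
# (sed syntax) and '@' (the delimiter used here). Left unescaped, a value
# containing one of them would corrupt the written config or make sed fail.
keystore_location_repl=$(printf '%s' "$KEYSTORE_LOCATION" | sed -e 's/[\\&@]/\\&/g')
keystore_type_repl=$(printf '%s' "$KEYSTORE_TYPE" | sed -e 's/[\\&@]/\\&/g')

# Capture sed's status with "||": under errexit a bare failing sed ends the
# script before a following "rc=$?" line could run and report the failure.
rc=0
# shellcheck disable=SC2016 -- the ${...} markers are literal text, not expansions
sed -i -e 's@${KEYSTORE_LOCATION}@'"$keystore_location_repl"'@' -e 's@${KEYSTORE_TYPE}@'"$keystore_type_repl"'@' "${SERVER_PROPS_FILE}" || rc=$?
if [[ $rc != 0 ]]; then
  echo "sed failed for KEYSTORE_LOCATION and KEYSTORE_TYPE" >&2
  exit "$rc"
fi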

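# TODO - final configs need to go in a writable scratch directory
# log4j.properties and jvm.config are each built from the shared file followed
# by this pod's file; the bare echo guarantees a line break between the parts.
# The source paths are quoted so a directory or pod id containing whitespace
# or glob characters cannot split or expand into other file names.
cat -- "${KAFKA_CONFIG_DIR}/shared/log4j.properties" >  /opt/caas/config/kafka/log4j.properties
echo >> /opt/caas/config/kafka/log4j.properties
cat -- "${KAFKA_CONFIG_DIR}/pod/${CAAS_POD_ID}/log4j.properties" >> /opt/caas/config/kafka/log4j.properties
cat -- "${KAFKA_CONFIG_DIR}/shared/disk-usage-agent.properties" >  /opt/caas/config/kafka/disk-usage-agent.properties
cat -- "${KAFKA_CONFIG_DIR}/shared/jvm.config" > /opt/caas/config/kafka/jvm.config
echo >> /opt/caas/config/kafka/jvm.config
cat -- "${KAFKA_CONFIG_DIR}/pod/${CAAS_POD_ID}/jvm.config" >> /opt/caas/config/kafka/jvm.config
# NOTE(review): the .j2 template is copied verbatim, without rendering -
# presumably it holds no placeholders or is rendered elsewhere; confirm.
cp /opt/caas/templates/jmx-exporter.yaml.j2 /opt/caas/config/jmx-exporter.yaml
cp /opt/caas/templates/otel-javaagent.properties /opt/caas/config/otel-javaagent.properties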
