#!/bin/bash

# The standard system directories are appended AFTER the inherited PATH, so
# directories already present in the caller's PATH are searched first when the
# script resolves fd-ansible, fd-terra, grep, find and sed.
# NOTE(review): if this script is ever run from a privileged or unattended
# context, confirm the inherited PATH is trusted, or pin these tools.
PATH="${PATH}:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"

# Checkout locations of the Ansible and Terraform trees; each keeps the value
# from the environment when one is set and non-empty.
: "${FD_ANSIBLE_PATH:=/opt/ansible}"
: "${FD_TERRAFORM_PATH:=/opt/terraform}"

# Help text printed on stderr when the mode argument is not recognised.
printf -v USAGE '\n%s <mode>\nmode:\n  - ansible\n  - terraform\n' "${0}"

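#######################################
# Apply a Terraform target only when its plan consists of certificate swaps.
#
# Runs `fd-terra plan` on the plan target, counts the certificate changes and
# the ebs_block_device entries found in the plan text, and compares those
# counts with the "Plan: A to add, C to change, D to destroy." summary line.
# `fd-terra apply -auto-approve` is run only when the summary matches one of
# the expected shapes. Because -auto-approve skips the interactive review,
# this comparison is the only gate in front of the apply.
#
# NOTE(review): the plan is scoped to $2 while the apply is scoped to $1. When
# a caller passes a broader $1 (for example a whole module) the apply can
# cover resources the checked plan never showed - confirm this is intended.
# NOTE(review): plan and apply are two separate runs (no saved plan file), so
# the applied change set is recomputed and may differ from the checked one.
#
# Arguments: $1 - target passed to `fd-terra apply`
#            $2 - target passed to `fd-terra plan`
# Outputs:   whatever fd-terra prints; diagnostics on stderr
# Returns:   0 when nothing had to be done or the apply was attempted,
#            1 when the plan command itself failed
#######################################
function fd_terra_update_certs()
{
    local target="${1}"
    local target_plan="${2}"

    # Declared separately from the assignment so the exit status of the plan
    # is not masked by `local`.
    local tf_plan
    if ! tf_plan="$(fd-terra --no-update-all plan -no-color -target="${target_plan}")";
    then
        echo "plan failed for target: ${target_plan}" >&2
        return 1
    fi

    local nb_ssl_certs_arn nb_ssl_certs_id nb_ebs_blocks plan_summary

    # grep -c prints 0 and exits 1 when nothing matches, hence the `|| true`.
    # In-place changes ("~") of certificate_arn / acm_certificate_arn.
    nb_ssl_certs_arn="$(printf '%s\n' "${tf_plan}"|\
                        grep -c -E '^\s*~\s*(acm_)?certificate_arn\s*=\s*"arn:aws:(acm|iam)?:.*:(server-)?certificate')" || true

    # ssl_certificate_id going from "" to an IAM server certificate.
    nb_ssl_certs_id="$(printf '%s\n' "${tf_plan}"|\
                       grep -c '\.ssl_certificate_id:\s*""\s*=>\s*"arn:aws:iam::.*:server-certificate')" || true

    if [ "${nb_ssl_certs_arn}" == "0" ] && [ "${nb_ssl_certs_id}" == "0" ];
    then
        # Alternative plan layout: added ("+") ssl_certificate_id attributes.
        nb_ssl_certs_id="$(printf '%s\n' "${tf_plan}"|\
                           grep -c '^\s*+\s*ssl_certificate_id\s*=\s*"arn:aws:iam::.*:server-certificate')" || true
    fi

    # No certificate change in the plan: nothing to apply.
    if [ "${nb_ssl_certs_arn}" == "0" ] && [ "${nb_ssl_certs_id}" == "0" ];
    then
        return 0
    fi

    nb_ebs_blocks="$(printf '%s\n' "${tf_plan}"|grep -c '^\s*ebs_block_device\.#:')" || true

    # "<add>-<change>-<destroy>", or empty when the summary line is absent
    # (an empty summary never matches the expected values below).
    plan_summary="$(printf '%s\n' "${tf_plan}"|\
                    sed -n -r 's/^Plan: ([0-9][0-9]*) to add, ([0-9][0-9]*) to change, ([0-9][0-9]*) to destroy\.$/\1-\2-\3/p')"

    local should_apply=0

    if [ "${nb_ssl_certs_arn}" != "0" ];
    then
        # Either every certificate is replaced (N added, N destroyed) or every
        # certificate is changed in place; ebs_block_device entries are
        # counted as changes in both shapes.
        if [ "${plan_summary}" == "${nb_ssl_certs_arn}-${nb_ebs_blocks}-${nb_ssl_certs_arn}" ] || \
           [ "${plan_summary}" == "0-$((nb_ebs_blocks + nb_ssl_certs_arn))-0" ];
        then
            should_apply=1
        fi
    fi

    if [ "${nb_ssl_certs_id}" != "0" ];
    then
        # Fixed: this sum used the undefined name tf_nb_ssl_certs_id, which
        # made the arithmetic expansion fail, so this branch never applied.
        if [ "${plan_summary}" == "0-$((nb_ebs_blocks + nb_ssl_certs_id))-0" ];
        then
            should_apply=1
        fi
    fi

    if [ "${should_apply}" == "1" ];
    then
        # Best effort, as before: a failed apply is reported but does not
        # change the return status.
        if ! fd-terra --no-update-all apply -no-color -auto-approve -target="${target}";
        then
            echo "apply failed for target: ${target}" >&2
        fi
    fi

    return 0
}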

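# Entry point. $1 selects the mode:
#   ansible   - replay the playbooks that deploy SSL certificates
#   terraform - refresh the shared certificate stack, then every stack that
#               reads its remote state
# In terraform mode $2 may be "no-preupdate", "no-postupdate" or "no-update"
# to skip the apply on common/cert/ssl before, after, or on both sides of the
# per-stack pass.
case "$1" in
    ansible)
        if [ ! -d "${FD_ANSIBLE_PATH}" ];
        then
            echo "directory doesn't exist: ${FD_ANSIBLE_PATH}" >&2
            exit 1
        fi

        # The searches below are relative to ".", so stop if the directory
        # cannot be entered rather than scanning the caller's cwd.
        if ! pushd "${FD_ANSIBLE_PATH}/playbooks";
        then
            echo "cannot enter directory: ${FD_ANSIBLE_PATH}/playbooks" >&2
            exit 1
        fi

        # Playbooks that import the ssl-certs role tasks and mention haproxy.
        # File names travel NUL-delimited so spaces or glob characters cannot
        # split or expand them; `xargs -r` skips the second grep when the
        # first finds nothing (it would otherwise read stdin). The list is
        # read on fd 3 so the plays keep the script's own stdin.
        while IFS= read -r -d '' -u 3 x;
        do
            fd-ansible play "${x}" -t 'hosts,ssl-cert,haproxy' || \
                echo "play failed: ${x}" >&2
        done 3< <(grep -rlZ 'import_tasks:.*roles/common/ssl-certs/tasks/' . | xargs -0 -r grep -lZ 'haproxy')

        # Dedicated certificate playbooks, run without tag filtering.
        while IFS= read -r -d '' -u 3 x;
        do
            fd-ansible play "${x}" || echo "play failed: ${x}" >&2
        done 3< <(find . -type f -name '*-ssl-certs.yml' -print0)
        popd
    ;;
    terraform)
        if [ ! -d "${FD_TERRAFORM_PATH}" ];
        then
            echo "directory doesn't exist: ${FD_TERRAFORM_PATH}" >&2
            exit 1
        fi

        if [ "${2}" != "no-preupdate" ] && [ "${2}" != "no-update" ];
        then
            # -auto-approve applies without review, so it must never run from
            # a directory other than the intended stack: abort if pushd fails.
            if ! pushd "${FD_TERRAFORM_PATH}/common/cert/ssl";
            then
                echo "cannot enter directory: ${FD_TERRAFORM_PATH}/common/cert/ssl" >&2
                exit 1
            fi
            fd-terra --no-update-all apply -no-color -auto-approve || \
                echo "apply failed in: ${FD_TERRAFORM_PATH}/common/cert/ssl" >&2
            popd
        fi

        if ! pushd "${FD_TERRAFORM_PATH}";
        then
            echo "cannot enter directory: ${FD_TERRAFORM_PATH}" >&2
            exit 1
        fi
        # Every main.tf outside modules/ and common/ that reads the cert-ssl
        # remote state. The loop stays on the right-hand side of a pipe, so
        # FD_TF_TARGETS and the directory changes remain confined to that
        # subshell, as in the original.
        find . -name 'main.tf' ! -path '*/modules/*' ! -path '*/common/*' -exec grep -lZ 'data\.terraform_remote_state\.cert-ssl\.outputs\.common_cert_ssl' '{}' +|\
            while IFS= read -r -d '' x;
            do
                # Skip the stack if its directory cannot be entered, so the
                # plan/apply below never runs against the wrong stack.
                if ! pushd "${FD_TERRAFORM_PATH}/$(dirname "${x}")";
                then
                    echo "cannot enter directory for: ${x}" >&2
                    continue
                fi
                # One target per line: module.<name ending in -lb>, or
                # aws_cloudfront_distribution.<name> / aws_elb.<name>.
                FD_TF_TARGETS="$(sed -n -r 's/^\s*((module)\s+"(.+\-lb)"|resource\s+"(aws_cloudfront_distribution|aws_elb)"\s+"(.+)").*/\2.\3.\4.\5/p' "${FD_TERRAFORM_PATH}/${x}"|\
                                 sed 's/\.\.\+//')"
                printf '%s\n' "${FD_TF_TARGETS}"|while IFS= read -r target;
                do
                    if [ -z "${target}" ];
                    then
                        continue;
                    fi

                    # stdin is redirected from /dev/null so a child that reads
                    # stdin cannot consume the remaining target list.
                    if [[ ${target} == module.* ]];
                    then
                        fd_terra_update_certs "${target}" "${target}.aws_lb_listener.listeners" </dev/null || true
                        fd_terra_update_certs "${target}" "${target}.aws_lb_listener_certificate.listener_certs" </dev/null || true
                    else
                        fd_terra_update_certs "${target}" "${target}" </dev/null || true
                    fi
                done
                popd
            done
        popd

        if [ "${2}" != "no-postupdate" ] && [ "${2}" != "no-update" ];
        then
            # Same guard as the pre-update step: no auto-approved apply from
            # an unintended directory.
            if ! pushd "${FD_TERRAFORM_PATH}/common/cert/ssl";
            then
                echo "cannot enter directory: ${FD_TERRAFORM_PATH}/common/cert/ssl" >&2
                exit 1
            fi
            fd-terra --no-update-all apply -no-color -auto-approve || \
                echo "apply failed in: ${FD_TERRAFORM_PATH}/common/cert/ssl" >&2
            popd
        fi
    ;;
    *)
        echo "${USAGE}" >&2
        exit 1
    ;;
esac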
