#!/bin/sh -e
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#


os=$(cat "$__global/explorer/os")

case "$os" in
   scientific|centos|redhat)
      # whitelist safeguard
      service_onchange='service consul-template status >/dev/null && service consul-template reload || true' \
   ;;
   archlinux)
      service_onchange="systemctl status consul-template >/dev/null && systemctl reload consul-template || true"
   ;;
   *)
      echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
      echo "Please contribute an implementation for it if you can." >&2
      exit 1
   ;;
esac

versions_dir="$__type/files/versions"
version="$(cat "$__object/parameter/version")"
version_dir="$versions_dir/$version"

if [ ! -d "$version_dir" ]; then
   echo "Unknown consul-template version '$version'. Expected one of:" >&2
   ls "$versions_dir" >&2
   exit 1
fi

state="$(cat "$__object/parameter/state")"

__staged_file /usr/local/bin/consul-template \
   --source "$(cat "$version_dir/source")" \
   --cksum "$(cat "$version_dir/cksum")" \
   --fetch-command 'curl -s -L "%s"' \
   --prepare-command 'unzip -p "%s"' \
   --state "$state" \
   --group root \
   --owner root \
   --mode 755


conf_dir="/etc/consul-template/conf.d"
conf_file="config.hcl"
template_dir="/etc/consul-template/template"

__directory /etc/consul-template \
   --owner root --group root --mode 750
require="__directory/etc/consul-template" \
   __directory "$conf_dir" \
      --owner root --group root --mode 750
require="__directory/etc/consul-template" \
   __directory "$template_dir" \
      --owner root --group root --mode 750


# Generate hcl config file
(
cd "$__object/parameter/"
for param in *; do
   case "$param" in
      auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
      auth-username)
         printf 'auth {\n'
         printf '  enabled = true\n'
         printf '  username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
         if [ -f "$__object/parameter/auth-password" ]; then
            printf '  password = %s\n' "$(cat "$__object/parameter/auth-password")"
         fi
         printf '}\n'
      ;;
      ssl)
         printf 'ssl {\n'
         printf '  enabled = true\n'
         if [ -f "$__object/parameter/ssl-no-verify" ]; then
            printf '  verify = false\n'
         fi
         if [ -f "$__object/parameter/ssl-cert" ]; then
            printf '  cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
         fi
         if [ -f "$__object/parameter/ssl-ca-cert" ]; then
            printf '  ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
         fi
         printf '}\n'
      ;;
      syslog)
         printf 'syslog {\n'
         printf '  enabled = true\n'
         if [ -f "$__object/parameter/syslog-facility" ]; then
            printf '  facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
         fi
         printf '}\n'
      ;;
      vault-address)
         printf 'vault {\n'
         printf '  address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
         if [ -f "$__object/parameter/vault-token" ]; then
            printf '  token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
         fi
         if [ -f "$__object/parameter/vault-ssl" ]; then
         printf '  ssl {\n'
         printf '    enabled = true\n'
         if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
            printf '    verify = false\n'
         fi
         if [ -f "$__object/parameter/vault-ssl-cert" ]; then
            printf '    cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
         fi
         if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
            printf '    ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
         fi
         printf '  }\n'
         fi
         printf '}\n'
      ;;
      *)
         # string key=value parameters
         key="$(echo "$param" | tr '-' '_')"
         printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
      ;;
   esac
done
) | \
require="__directory${conf_dir}" \
   __config_file "${conf_dir}/${conf_file}" \
      --owner root --group root --mode 640 \
      --state "$state" \
      --onchange "$service_onchange" \
      --source -


# Install init script to start on boot
service="consul-template"
case "$os" in
   centos|redhat)
      os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
      major_version="${os_version%%.*}"
      case "$major_version" in
         7)
            __file "/lib/systemd/system/${service}.service" \
               --owner root --group root --mode 0555 \
               --state "$state" \
               --source "$__type/files/${service}.systemd"
            export require="__file/lib/systemd/system/${service}.service"
         ;;
         *)
            __file "/etc/init.d/${service}" \
               --owner root --group root --mode 0555 \
               --state "$state" \
               --source "$__type/files/${service}.sysv"
            export require="__file/etc/init.d/${service}"
         ;;
      esac
      __start_on_boot "$service" --state "$state"
   ;;
   ubuntu)
      __file "/etc/init/${service}.conf" \
         --owner root --group root --mode 0644 \
         --state "$state" \
         --source "$__type/files/${service}.upstart"
      export require="__file/etc/init/${service}.conf"
      __start_on_boot "$service" --state "$state"
   ;;
   archlinux)
      __file "/lib/systemd/system/${service}.service" \
         --owner root --group root --mode 0555 \
         --state "$state" \
         --source "$__type/files/${service}.systemd"
      export require="__file/lib/systemd/system/${service}.service"
      __start_on_boot "$service" --state "$state"
   ;;
esac
