#!/bin/bash


# Utility for creating `accounts.yaml` file for concurrent test runs.
# This script generates access tokens for different accounts and services,
# and creates an `accounts.yaml` file with the generated tokens.
#
# **Usage:** `./scripts/generate_accounts.sh`
#
# Environment Variables:
# ----------------------
# VQA_TEST_NODE (Optional) - URL of the VQA test node. Default is https://vqa-test-node-vrdqa.app.linecorp.com.
# ENVIRONMENT (Optional)   - Environment to use (dev, stage, prod). Default is dev.
# PROJECT_NAME (Optional)  - Project name to use. Default is flava-api-test.
#
# The script generates a file named `accounts.yaml` in the `configs` directory.


# Check if environment variables are set, if not use default values
export VQA_TEST_NODE=${VQA_TEST_NODE:-https://vqa-test-node-vrdqa.app.linecorp.com}
export PROJECT_NAME=${PROJECT_NAME:-flava-api-test}

# Derive ENVIRONMENT from TEST_ENV if not explicitly set
if [ -z "$ENVIRONMENT" ]; then
  if [ -n "$TEST_ENV" ]; then
    if [[ "$TEST_ENV" == *"stage"* ]]; then
      export ENVIRONMENT="stage"
    elif [[ "$TEST_ENV" == *"real_dev"* ]]; then
      export ENVIRONMENT="dev"
    elif [[ "$TEST_ENV" == *"real_prod"* ]] || [[ "$TEST_ENV" == *"prod"* ]]; then
      export ENVIRONMENT="prod"
    else
      echo "Warning: Could not derive ENVIRONMENT from TEST_ENV='$TEST_ENV'. Defaulting to 'stage'."
      export ENVIRONMENT="stage"
    fi
  else
    export ENVIRONMENT="stage"
  fi
fi

# Define service array
services=("os" "vpc" "lb" "fke" "egressproxy" "faas" "container-registry" "pulsar" "dnsaas" "gslbaas" "langfuse" "servicemap" "redis" "rollouts" "cloud-blueprint" "api-gateway")

get_access_token() {
  local account_name=$1
  local product=$2
  if [ "$product" == "servicemap" ]; then
    local domain="servicemap.${ENVIRONMENT}.${PROJECT_NAME}"
  else
    local domain="flava-${product}.${ENVIRONMENT}.${PROJECT_NAME}"
  fi
  response=$(curl -s -X POST $VQA_TEST_NODE/athenz_access_token \
    -d "{\"account_name\": \"$account_name\",\"provider_domain\": \"$domain\"}" \
    -H 'Content-Type: application/json')

  code=$(echo $response | jq -r '.code')
  if [ "$code" -ne 200 ]; then
    echo "Error: Failed to get access token for $account_name with product $product. Response: $response"
    exit 1
  fi

  echo $response | jq -r '.msg'
}

generate_account_yaml() {
  local account_name=$1
  local username=$2
  local role=$3
  cat << EOF
- username: '$username'
  project_name: '$PROJECT_NAME'
EOF
  for service in "${services[@]}"; do
    if [ "$service" == "os" ]; then
      local access_token=$(get_access_token $account_name "server")
    else
      local access_token=$(get_access_token $account_name $service)
    fi
    if [[ "$access_token" != *"Error"* ]]; then
      # If service name has hyphen(-) replace to underbar(_)
      service="${service//-/_}"
      echo "  ${service}_access_token: '$access_token'"
    fi
  done
  if [ -n "$role" ]; then
    cat << EOF
  roles:
    - '$role'
EOF
  fi
}

echo "### Generate Accounts.yaml"
{
  generate_account_yaml "qa-tester1" "flava-iam.${ENVIRONMENT}.${PROJECT_NAME}.qa-tester1"
  generate_account_yaml "qa-tester2" "flava-iam.${ENVIRONMENT}.${PROJECT_NAME}.qa-tester2" "reader"
  generate_account_yaml "qa-operator" "flava-iam.${ENVIRONMENT}.${PROJECT_NAME}.qa-operator" "admin"
} > configs/accounts.yaml
