#!/bin/bash

ENVS=("dev" "stage" "prod")
ACCOUNTS=("qa-tester1" "qa-tester2" "qa-operator")
BASE_URL="https://vqa-test-node-vrdqa.app.linecorp.com"

for ENV in "${ENVS[@]}"; do
  for ACCOUNT in "${ACCOUNTS[@]}"; do
    echo "=== $ENV / $ACCOUNT ==="

    # private key 가져오기
    curl -s -X POST "$BASE_URL/run_cmd" \
      -H "Content-Type: application/json" \
      -d "{\"cmd\": \"cat /$ENV/flava-api-test/$ACCOUNT.key.pem\"}" \
      | jq -r '.msg' | sed 's/.*\[Response\]://' > /tmp/$ACCOUNT.key.pem

    # cert 발급
    zts-svccert \
      -zts https://apj.zts.athenz.yahoo.co.jp:4443/zts/v1 \
      -domain flava-iam.$ENV.flava-api-test \
      -service $ACCOUNT \
      -private-key /tmp/$ACCOUNT.key.pem \
      -key-version $ACCOUNT \
      -provider sys.auth.zts \
      -instance $(hostname) \
      -dns-domain zts.athenz.cloud \
      -cert-file ${ENV}_${ACCOUNT}_cert.pem \
      -expiry-time 5256000

    echo "Cert saved: ${ENV}_${ACCOUNT}_cert.pem"
    #rm /tmp/$ACCOUNT.key.pem  # 사용 후 즉시 삭제
  done
done
