#!/bin/bash

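# Path of the nomad binary under test. Defaults to a local darwin build; set
# NOMAD_BIN (a script-level override, e.g. NOMAD_BIN=/usr/local/bin/nomad)
# to point at a packaged binary instead of editing this line.
nomad_bin=${NOMAD_BIN:-${HOME}/github/hashicorp/nomad/pkg/darwin_amd64/nomad}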

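#######################################
# Print a file inside a decorated frame so it stands out in the run log.
# Arguments: $1 - path of the file to display
# Outputs:   the framed file contents on stdout; an unreadable file yields
#            an empty frame and a shell error on stderr
# Returns:   0
#######################################
show_file () {
  local path=$1
  echo ""
  echo "+================================================"
  printf '| 📄 %s\n' "${path}"
  echo "+------------------------------------------------"
  # Redirect the file into awk instead of `cat | awk`: no extra process,
  # and a path beginning with '-' can never be parsed as an option.
  awk '{print "| "$0}' < "${path}"
  echo "+================================================"
  echo ""
}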

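#######################################
# Print a run of a single character with no trailing newline.
# Arguments: $1 - number of repetitions (non-negative integer)
#            $2 - character to repeat
# Outputs:   the repeated character on stdout; nothing when the count is 0
#            or not a non-negative integer
# Returns:   0
#######################################
repeat_char () {
  local length=$1
  local char=$2
  # Validate the count: the previous `head -c ${length}` would read
  # /dev/zero forever on GNU head for a negative value ("all but last N").
  if ! [[ "${length}" =~ ^[0-9]+$ ]] || (( length == 0 )); then
    return 0
  fi
  # Build the run from a padded printf field, then swap the pad char.
  printf '%*s' "${length}" '' | tr ' ' "${char}"
}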

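# Create the working directory for the certificate material. `mkdir -p`
# succeeds when tls/ already exists, so the only way to reach the error
# branch is a genuine failure (permissions, a regular file named "tls", ...).
# The previous message claimed "directory exists", which -p never reports.
if ! mkdir -p tls; then
  printf 'Unable to create tls directory; exiting.\n' >&2
  exit 1
fi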

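# Refuse to run while another nomad process is up: the dev agent started
# below binds 127.0.0.1:4646 and the checks would otherwise talk to the
# wrong process. `pgrep -f` matches the full command line, as the original
# `ps aux | grep nomad | grep -v grep` did, without the grep self-match dance.
if pgrep -f nomad > /dev/null 2>&1; then
  printf 'Found a nomad pid; exiting...\n' >&2
  exit 1
fi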


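# Generate a throw-away CA plus server, client and CLI certificates with
# Consul's TLS helper; -domain=nomad makes the filenames match tls.hcl below.
# Run inside a subshell so the working directory is restored automatically
# and a failed `cd` cannot leave `rm -rf` or the consul calls running in the
# parent directory. The *-key.pem files are private keys: keep tls/ out of
# version control.
(
  cd tls || exit 1
  # Start clean so certificates from a previous run are not mixed with the
  # new CA (a stale cert would not verify against it).
  rm -rf -- ./*
  consul tls ca create -domain=nomad || exit 1
  for cert_kind in -server -client -cli; do
    consul tls cert create -domain=nomad -dc=global "${cert_kind}" || exit 1
  done
) || {
  printf 'Certificate generation in tls/ failed; exiting.\n' >&2
  exit 1
}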

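# Write the agent TLS configuration. Both HTTP and RPC are encrypted;
# verify_https_client makes the HTTPS API require a client certificate (the
# curl calls later present the server cert for that), and
# rpc_upgrade_mode starts as true so the script can verify it is flipped to
# false by a config reload further down. The delimiter is quoted because the
# body contains no shell expansions.
cat <<'EOF' > tls.hcl
tls {
  http = true
  rpc  = true

  ca_file   = "tls/nomad-agent-ca.pem"
  cert_file = "tls/global-server-nomad-0.pem"
  key_file  = "tls/global-server-nomad-0-key.pem"

  verify_server_hostname = true
  verify_https_client    = true
  rpc_upgrade_mode       = true
}
EOF

if [[ ! -x "${nomad_bin}" ]]; then
  printf 'nomad binary not found or not executable: %s\n' "${nomad_bin}" >&2
  exit 1
fi

echo "Starting Nomad Dev Agent..."
# Capture the agent's output in nomad.log: err() displays that file on
# failure, but nothing previously wrote to it.
"${nomad_bin}" agent -dev -config=tls.hcl > nomad.log 2>&1 &
nomad_pid=$!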

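#######################################
# Report a failure, dump the agent log, stop the dev agent and exit 1.
# Globals:   nomad_pid (read) - PID of the backgrounded nomad agent
# Arguments: $1 - failure message
# Outputs:   the message on stderr; nomad.log and progress lines on stdout
# Returns:   never returns; exits with status 1
#######################################
err () {
  printf '%s\n' "${1}" >&2
  show_file nomad.log
  # Deletion of the certificate material is intentionally disabled so a
  # failed run can be inspected; say so instead of claiming it was deleted.
  echo "Leaving tls folder contents in place for inspection..."
#  rm -rf tls/*
  echo "Killing nomad agent..."
  if [[ -n "${nomad_pid:-}" ]] && kill -0 "${nomad_pid}" 2> /dev/null; then
    # Ask for a clean shutdown first; escalate to SIGKILL only if the agent
    # is still alive shortly afterwards.
    kill -TERM "${nomad_pid}" 2> /dev/null
    sleep 2
    if kill -0 "${nomad_pid}" 2> /dev/null; then
      kill -KILL "${nomad_pid}" 2> /dev/null
    fi
  fi
  echo "Done."
  exit 1
}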

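show_file tls.hcl

echo "Sleeping for 10 seconds..."
sleep 10

# A dev agent that died during startup would otherwise surface only as an
# opaque curl failure below.
kill -0 "${nomad_pid}" 2> /dev/null || err "FAIL: nomad agent (pid ${nomad_pid}) is not running after startup"

export NOMAD_ADDR=https://127.0.0.1:4646
# Mutual TLS for curl: trust the generated CA and present the server
# certificate as the client certificate, since tls.hcl enables
# verify_https_client. Kept as an array so the paths are never word-split.
curl_flags=(--cacert tls/nomad-agent-ca.pem --cert tls/global-server-nomad-0.pem --key tls/global-server-nomad-0-key.pem)
# Space-joined copy for later curl invocations that read $CURL_FLAGS.
export CURL_FLAGS="${curl_flags[*]}"

SELF="$(curl --silent --show-error --fail "${curl_flags[@]}" "${NOMAD_ADDR}/v1/agent/self" 2>&1)"
EXIT_CODE=$?
echo ""
repeat_char 70 '^'; echo
echo "${SELF:0:60} . . ."
repeat_char 70 '^'; echo

# The curl status was previously captured but never examined; a TLS or
# connection failure should be reported as such, not as "not json".
if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: curl ${NOMAD_ADDR}/v1/agent/self failed (exit ${EXIT_CODE}): ${SELF}"
fi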

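echo "Validating \${SELF} is json..."
# The here-string is quoted: unquoted, the JSON body would be word-split and
# any '*' or '?' in it glob-expanded before reaching jq.
JQ_TEST="$(jq '.config.TLSConfig' <<< "${SELF}" 2>&1)"
EXIT_CODE=$?
echo "==================================="
echo "${JQ_TEST}"
echo "==================================="

if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: \${SELF} is not json: ${JQ_TEST}"
fi

echo "Checking RPCUpgradeMode..."
# Query jq once and reuse the value for the display and the assertion.
rpc_upgrade_mode="$(jq -r '.config.TLSConfig.RPCUpgradeMode' <<< "${SELF}")"
echo " - RPCUpgradeMode: \"${rpc_upgrade_mode}\" "

# The agent was started with rpc_upgrade_mode = true (the transitional mode
# in which non-TLS RPC is still accepted); confirm it reports that before
# the reload test below flips it off.
if [ "${rpc_upgrade_mode}" != "true" ]; then
  err "FAIL: tls.rpc_upgrade_mode is not enabled."
fi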

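echo "Updating configuration file"
# Flip rpc_upgrade_mode to false. The regex tolerates any spacing around '='
# and keeps the original alignment; the original pattern depended on the
# exact run of spaces written by the heredoc.
sed -E 's/(rpc_upgrade_mode[[:space:]]*=[[:space:]]*)true/\1false/' tls.hcl > tls.hcl.new \
  || err "FAIL: could not rewrite tls.hcl"
mv tls.hcl.new tls.hcl || err "FAIL: could not replace tls.hcl"
# Verify the substitution landed; otherwise the reload below would test an
# unchanged file and the later "still enabled" failure would be misleading.
if ! grep -q -E 'rpc_upgrade_mode[[:space:]]*=[[:space:]]*false' tls.hcl; then
  err "FAIL: tls.hcl was not updated to rpc_upgrade_mode = false"
fi
show_file tls.hcl

# SIGHUP asks the running agent to reload its configuration.
kill -HUP "${nomad_pid}" || err "FAIL: could not send SIGHUP to nomad agent (pid ${nomad_pid})"

sleep 10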

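# CURL_FLAGS is a space-separated option string; the split is intentional.
# shellcheck disable=SC2086
SELF="$(curl --silent --show-error --fail $CURL_FLAGS "${NOMAD_ADDR}/v1/agent/self" 2>&1)"
EXIT_CODE=$?
echo ""
repeat_char 70 '^'; echo
echo "${SELF:0:60} . . ."
repeat_char 70 '^'; echo

# Report a transport/TLS failure directly instead of letting it surface as
# a jq parse error.
if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: curl ${NOMAD_ADDR}/v1/agent/self failed after reload (exit ${EXIT_CODE}): ${SELF}"
fi

echo "Validating \${SELF} is json..."
# Quoted here-string: avoids word-splitting/globbing of the JSON body.
JQ_TEST="$(jq '.config.TLSConfig' <<< "${SELF}" 2>&1)"
# Capture the status immediately. The original read $? after the echo
# statements below, so it was always 0 and this check could never fire.
EXIT_CODE=$?
echo "==================================="
echo "${JQ_TEST}"
echo "==================================="

if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: \${SELF} is not json: ${JQ_TEST}"
fi

echo "Checking RPCUpgradeMode..."
rpc_upgrade_mode="$(jq -r '.config.TLSConfig.RPCUpgradeMode' <<< "${SELF}")"
echo " - RPCUpgradeMode: \"${rpc_upgrade_mode}\" "

# After the SIGHUP reload the agent should no longer accept non-TLS RPC.
if [ "${rpc_upgrade_mode}" != "false" ]; then
  err "FAIL: tls.rpc_upgrade_mode is still enabled"
fi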