#!/usr/bin/env bash

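# Abort on command failure, on use of an unset variable, and on a failure in
# any stage of a pipeline.
set -eu -o pipefail

# IP used to build the cluster API server URL (https://<ip>:6443) in main.
CLUSTER_API_LB_IP="4.155.160.32"

# OIDC application (Microsoft Entra ID tenant and client) used for cluster sign-in.
MICROSOFT_ENTRA_TENANT_ID=cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
MATHMAST_AD_CLIENT_ID=7cd1df19-24ea-46d7-acd3-5336283139e0
# SECURITY: this client secret is committed in the script, so everyone who can
# read the file or its history holds the credential. Treat it as exposed:
# rotate it and supply the replacement through the MATHMAST_AD_CLIENT_SECRET
# environment variable. The literal remains only as a fallback so existing
# invocations keep working; remove it once the secret has been rotated.
# Quoted so the '~' in the value is always taken literally.
MATHMAST_AD_CLIENT_SECRET="${MATHMAST_AD_CLIENT_SECRET:-L9J8Q~kClGP-sXKS3YFgnpDu7ednUdlWGsWfQbTl}"

# OIDC issuer URL derived from the tenant id above.
MATHMAST_AD_ISSUER="https://login.microsoftonline.com/${MICROSOFT_ENTRA_TENANT_ID}/v2.0"
# Download parameters; each can be overridden from the environment.
OS=${OS:-linux}
ARCH=${ARCH:-amd64}
KUBECTL_VERSION=${KUBECTL_VERSION:-v1.30.3}
KUBELOGIN_VERSION=${KUBELOGIN_VERSION:-v1.29.0}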

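# Map bash's $OSTYPE onto the OS name used in download URLs.
# Globals:  OSTYPE (read), OS (written: "linux" or "darwin")
# Outputs:  an error message on stderr for an unsupported OS
# Exits:    1 when the OS is neither Linux nor macOS
function check_os() {
  case "${OSTYPE}" in
    # linux* rather than linux-gnu* so musl-based hosts (OSTYPE=linux-musl)
    # are recognised as Linux too.
    linux*)
      OS=linux
      ;;
    darwin*)
      OS=darwin
      ;;
    *)
      echo "Unsupported OS: $OSTYPE" >&2
      exit 1
      ;;
  esac
}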

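# Map the machine type reported by `uname -m` onto the architecture name used
# in download URLs.
# Globals:  ARCH (written: "amd64" or "arm64")
# Outputs:  an error message on stderr for an unsupported architecture
# Exits:    1 when the machine type is not recognised
function check_arch() {
  local machine
  machine=$(uname -m)

  case "${machine}" in
    x86_64)
      ARCH=amd64
      ;;
    # 64-bit ARM is reported as "arm64" on macOS and as "aarch64" on Linux.
    arm64|aarch64)
      ARCH=arm64
      ;;
    *)
      echo "Unsupported architecture: ${machine}" >&2
      exit 1
      ;;
  esac
}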

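# Download the kubectl release binary and install it to /usr/local/bin.
# Globals:  KUBECTL_VERSION, OS, ARCH (read)
# Outputs:  progress on stdout, failures on stderr
# Exits:    non-zero when the download or the install fails
function ensure_kubectl () {
  local version=${KUBECTL_VERSION}
  local os=${OS}
  local arch=${ARCH}
  local download_url="https://storage.googleapis.com/kubernetes-release/release/${version}/bin/${os}/${arch}/kubectl"
  local workdir
  local status=0

  # Private, unpredictable directory: a fixed name such as /tmp/kubectl can be
  # pre-created or swapped by another local user before the file is installed
  # as root.
  workdir=$(mktemp -d)

  echo "Downloading kubectl (${arch}-${version}) from ${download_url}"
  # --fail turns an HTTP error into a failure instead of saving the error page
  # as the "binary"; the --proto options refuse any non-HTTPS hop.
  # NOTE(review): the binary is installed as root without being compared to a
  # published checksum; release binaries normally ship with a .sha256 file -
  # verify against it (or pin the expected digest here) before installing.
  {
    curl --fail --location --proto '=https' --proto-redir '=https' \
      -o "${workdir}/kubectl" "${download_url}" &&
    # install (run as root) writes a root-owned 0755 copy, so the binary on
    # PATH is not left writable by the invoking user.
    sudo install -m 0755 "${workdir}/kubectl" /usr/local/bin/kubectl
  } || status=$?

  rm -rf -- "${workdir}"

  if (( status != 0 )); then
    echo "Failed to install kubectl from ${download_url}" >&2
    exit "${status}"
  fi
}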

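# Download the kubelogin release archive and install its binary to
# /usr/local/bin.
# Globals:  KUBELOGIN_VERSION, OS, ARCH (read)
# Outputs:  progress on stdout, failures on stderr
# Exits:    non-zero when the download, extraction or install fails
function ensure_kubelogin () {
  local os=${OS}
  local arch=${ARCH}
  local version=${KUBELOGIN_VERSION}
  local download_url="https://github.com/int128/kubelogin/releases/download/${version}/kubelogin_${os}_${arch}.zip"
  local workdir
  local status=0

  # Private, unpredictable directory: fixed names under /tmp can be pre-created
  # or swapped by another local user before the binary is installed as root.
  workdir=$(mktemp -d)

  echo "Downloading kubelogin (${arch}-${version}) from ${download_url}"
  # --fail turns an HTTP error into a failure instead of saving the error page;
  # the --proto options refuse any non-HTTPS hop.
  # NOTE(review): the archive is not compared to a published checksum before
  # its content is installed as root; pin and verify the expected digest.
  {
    curl --fail --location --proto '=https' --proto-redir '=https' \
      -o "${workdir}/kubelogin.zip" "${download_url}" &&
    # Extract only the kubelogin member, into the private directory, so other
    # archive entries are never written and unzip never prompts to overwrite.
    unzip -q -o "${workdir}/kubelogin.zip" kubelogin -d "${workdir}" &&
    # install (run as root) writes a root-owned 0755 copy, so the binary on
    # PATH is not left writable by the invoking user.
    sudo install -m 0755 "${workdir}/kubelogin" /usr/local/bin/kubelogin
  } || status=$?

  rm -rf -- "${workdir}"

  if (( status != 0 )); then
    echo "Failed to install kubelogin from ${download_url}" >&2
    exit "${status}"
  fi
}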

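# Install kubectl and kubelogin when missing, run the kubelogin OIDC setup,
# then write a user, cluster and context for freeleaps-cluster into the
# caller's kubeconfig and switch to that context.
# Globals:  MATHMAST_AD_ISSUER, MATHMAST_AD_CLIENT_ID,
#           MATHMAST_AD_CLIENT_SECRET, CLUSTER_API_LB_IP (read);
#           OS, ARCH (written via check_os/check_arch when a download is needed)
# Inputs:   the username, read from stdin
# Exits:    1 when the username is empty; non-zero when any step fails
function main() {
  local username
  local need_kubectl=0
  local need_kubelogin=0

  command -v kubectl &> /dev/null || need_kubectl=1
  command -v kubelogin &> /dev/null || need_kubelogin=1

  # Detect the real platform before downloading anything. Without these calls
  # every host fetched the linux/amd64 defaults. Detection replaces any OS/ARCH
  # value taken from the environment.
  if (( need_kubectl || need_kubelogin )); then
    check_os
    check_arch
  fi

  if (( need_kubectl )); then
    ensure_kubectl
  fi

  if (( need_kubelogin )); then
    ensure_kubelogin
  fi

  # setup with kubelogin
  # SECURITY: the client secret is passed on the command line, so it is visible
  # in the process list while kubelogin runs.
  # NOTE(review): a client secret shipped to every user's workstation is not
  # confidential; consider registering the application as a public client
  # (authorization code flow with PKCE) so no secret is needed at all.
  kubelogin setup \
     --oidc-issuer-url "${MATHMAST_AD_ISSUER}" \
     --oidc-client-id "${MATHMAST_AD_CLIENT_ID}" \
     --oidc-client-secret "${MATHMAST_AD_CLIENT_SECRET}" \
     --oidc-extra-scope="profile,email,offline_access" \
     --log_file=/dev/null

  # Prompt user to input username; -r keeps backslashes literal.
  echo "Please enter your username: "
  read -r username

  # Check if username is empty
  if [[ -z "$username" ]]; then
    echo "Username cannot be empty" >&2
    exit 1
  fi

  echo "Set credentials for $username..."
  # SECURITY: each --exec-arg is stored verbatim in the kubeconfig, so the
  # client secret ends up in plaintext in that file and on kubelogin's command
  # line whenever kubectl requests a token. Keep the kubeconfig readable by its
  # owner only.
  kubectl config set-credentials "$username" \
    --exec-api-version=client.authentication.k8s.io/v1beta1 \
    --exec-command=kubelogin \
    --exec-arg=get-token \
    --exec-arg="--oidc-issuer-url=${MATHMAST_AD_ISSUER}" \
    --exec-arg="--oidc-client-id=${MATHMAST_AD_CLIENT_ID}" \
    --exec-arg="--oidc-client-secret=${MATHMAST_AD_CLIENT_SECRET}"

  echo "Set cluster..."
  # No certificate authority is configured for this cluster entry, so kubectl
  # validates the API server certificate against the system trust store.
  # NOTE(review): if that validation fails, distribute the cluster CA with this
  # script rather than turning TLS verification off.
  kubectl config set-cluster freeleaps-cluster \
    --server="https://${CLUSTER_API_LB_IP}:6443"

  echo "Create context..."
  kubectl config set-context "$username@freeleaps-cluster" \
    --cluster=freeleaps-cluster \
    --user="$username"

  echo "Use context..."
  kubectl config use-context "$username@freeleaps-cluster"

  echo "Done."
}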

# Entry point: run the setup, forwarding the command-line arguments (main does
# not currently read them).
main "$@"