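#!/usr/bin/env bash
#
# Interactive NWS-ID login helper for the OpenStack command line client.
#
# This file must be *sourced* into the current shell, not executed: it uses
# top-level `return` and exports OS_* variables that the openstack client
# reads afterwards.
#
# Because it runs inside the caller's interactive shell, strict-mode options
# (`set -e`, `set -u`, `pipefail`) are deliberately NOT enabled here; they
# would stay active in the user's session after sourcing.
#
# Security notes:
#   * The password and TOTP code are handed to curl through file descriptors
#     rather than on the command line, so they do not appear in the process
#     list while the request is running.
#   * Both values are unset as soon as the token request has finished, so
#     they do not linger in the shell session.
#   * OS_ACCESS_TOKEN is exported and is therefore inherited by every child
#     process started from this shell.

#######################################
# Export the static OpenStack settings and prompt for the NWS-ID credentials.
# Globals:   OS_AUTH_TYPE, OS_AUTH_URL, OS_IDENTITY_PROVIDER, OS_PROTOCOL,
#            OS_PROJECT_DOMAIN_NAME, OS_IDENTITY_API_VERSION (exported),
#            KC_USER, KC_PASSWORD_INPUT, KC_TOTP_INPUT (written)
# Outputs:   prompts on stdout
#######################################
set_openstack_environment() {
  export OS_AUTH_TYPE=v3oidcaccesstoken
  export OS_AUTH_URL="https://cloud.netways.de:5000/v3/"
  export OS_IDENTITY_PROVIDER=nws-id
  export OS_PROTOCOL=openid
  export OS_PROJECT_DOMAIN_NAME=Default
  export OS_IDENTITY_API_VERSION=3

  echo "Please enter your NWS-ID e-mail address (default: John.Doe@netways.de): "
  read -r KC_USER
  if [[ -z "$KC_USER" ]]; then
    KC_USER="John.Doe@netways.de"
  fi

  echo "Please enter your NWS-ID password for user $KC_USER: "
  # -s keeps the password off the terminal.
  read -sr KC_PASSWORD_INPUT

  echo "Please enter your TOTP code (optional): "
  read -r KC_TOTP_INPUT
}

#######################################
# Locate a Python interpreter, preferring python3, then python2, then python.
# Globals:   local_python_bin (written; empty when nothing was found)
# Returns:   0 when an interpreter was found, 1 otherwise
#######################################
get_local_python() {
  local candidate
  for candidate in python3 python2 python; do
    # `command -v` can also report aliases or functions; the -x test keeps
    # only results that are real executable files.
    if local_python_bin=$(command -v "$candidate") \
      && [[ -x "$local_python_bin" ]]; then
      return 0
    fi
  done
  local_python_bin=""
  return 1
}

#######################################
# Request an access token from the NWS-ID token endpoint.
# Globals:   KC_USER, KC_PASSWORD_INPUT, KC_TOTP_INPUT, local_python_bin (read)
# Outputs:   the access token on success, otherwise an error description
# Returns:   0 when a token was printed, non-zero otherwise
#######################################
get_nws_id_token() {
  # The password grant sends the raw credentials to the token endpoint.
  # `name@file` makes curl read the value from a file; feeding it through
  # process substitution (printf is a builtin) keeps the secrets out of
  # curl's argument list.
  curl -s -X POST https://id.nws.netways.de/realms/nws/protocol/openid-connect/token \
    -H "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode "username=${KC_USER}" \
    --data-urlencode "password@"<(printf '%s' "${KC_PASSWORD_INPUT}") \
    --data-urlencode "scope=openid profile" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=openstack" \
    --data-urlencode "totp@"<(printf '%s' "${KC_TOTP_INPUT}") \
    | "$local_python_bin" -c '
import sys, json
try:
    response = json.load(sys.stdin)
except ValueError:
    print("no valid JSON response from the token endpoint")
    sys.exit(1)
if "error" in response or "access_token" not in response:
    print(response.get("error_description") or response.get("error") or "token endpoint returned no access token")
    sys.exit(1)
print(response["access_token"])
'
}

#######################################
# Fetch the user's federated projects and select one of them.
# Globals:   OS_PROJECT_NAME (exported), OPENSTACK_PROJECTS, PS3 (written)
# Outputs:   prompts on stdout, errors on stderr
# Returns:   0 when a project was selected, 1 otherwise
#######################################
set_project() {
  local line os_project
  local -a projects=()

  unset OS_PROJECT_NAME

  # One project per output line; keeping them as array elements means names
  # are never word-split or glob-expanded.
  while IFS= read -r line; do
    [[ -n "$line" ]] && projects+=("$line")
  done < <(openstack federation project list --sort-column Name \
    --sort-ascending -f value -c Name)

  # Kept as a space-joined list, as before.
  OPENSTACK_PROJECTS="${projects[*]}"

  if [[ -z "$OPENSTACK_PROJECTS" ]]; then
    printf '\nSomething went wrong during the attempt to get the project list. Please ensure that you are member of at least one project.\n' >&2
    echo "Also make sure your openstack commandline client is up-to-date." >&2
    return 1
  fi

  if ((${#projects[@]} > 1)); then
    printf '\nPlease select one of your OpenStack projects.\n\n'
    PS3="Enter a number: "
    os_project=""
    select os_project in "${projects[@]}"; do
      if [[ -n "$os_project" ]]; then
        echo "Selected project: $os_project"
        break
      fi
      # An out-of-range answer leaves os_project empty; ask again instead of
      # exporting an empty project name.
      echo "Invalid number - please try again." >&2
    done
    if [[ -z "$os_project" ]]; then
      # select ended without a choice (end of input).
      echo "No project selected." >&2
      return 1
    fi
    export OS_PROJECT_NAME=$os_project
  else
    # Exactly one project: the joined list is that project's name.
    export OS_PROJECT_NAME=$OPENSTACK_PROJECTS
    echo "Selected project: $OPENSTACK_PROJECTS"
  fi
}

# A token from an earlier run is still exported: offer to reuse it.
if [[ -n "${OS_ACCESS_TOKEN+x}" ]]; then
  echo "Access token is still present. Please choose one of the following options:"
  PS3="Enter a number: "
  # Reset first so a value left over from an earlier run cannot be reused.
  option=""
  select option in "switch project" "re-authenticate" "exit"; do
    echo "Selected option: $option"
    break
  done

  case "$option" in
    "exit")
      echo "Exiting"
      return 0
      ;;
    "switch project")
      set_project
      # Bare return hands back set_project's status.
      return
      ;;
    "")
      echo "Invalid number - exiting." >&2
      return 1
      ;;
  esac
  # "re-authenticate" falls through to the login below.
fi

if ! get_local_python; then
  echo "Error: Python was not found. Please install python and the openstack commandline client before continuing." >&2
  return 1
fi

if ! command -v curl >/dev/null; then
  echo "Error: curl not found. Please install curl before continuing." >&2
  return 1
fi

# Up to two login attempts. A failed request or an empty response counts as
# an error, so an empty token is never exported.
nws_auth_status=1
for nws_attempt in 1 2; do
  set_openstack_environment
  TOKEN_RESPONSE=$(get_nws_id_token) && [[ -n "$TOKEN_RESPONSE" ]]
  nws_auth_status=$?
  # The credentials are needed only for the token request.
  unset KC_PASSWORD_INPUT KC_TOTP_INPUT
  if ((nws_auth_status == 0)); then
    break
  fi
  echo "Authentication error: ${TOKEN_RESPONSE:-no response from the token endpoint}" >&2
  if ((nws_attempt == 1)); then
    printf 'Please try again.\n\n'
  fi
done
unset nws_attempt

if ((nws_auth_status != 0)); then
  unset nws_auth_status
  return 1
fi
unset nws_auth_status

export OS_ACCESS_TOKEN=$TOKEN_RESPONSE

printf '\nTesting authentication and fetching project list ...\n'
set_project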