#!/bin/bash
# Purpose: decrypt ngcp configuration archive
################################################################################

set -e
set -u
set -o pipefail

# helper functions {{{
# sadly we can't source ${FUNCTIONS}/main as we are missing a bunch of
# configuration files that are supposed to be available, therefore
# provide the main functions we need for successful execution of the
# decrypt function

# support for testsuite, assume defaults if unset
FUNCTIONS="${FUNCTIONS:-/usr/share/ngcp-ngcpcfg/functions/}"
HELPER="${HELPER:-/usr/share/ngcp-ngcpcfg/helper/}"

timestamp_replacementchars='' # unset by default

console_output() {
  if [ -z "${TIME_FORMAT:-}" ] ; then
    printf -- "%b" "$*"
    return 0
  fi

  local timestamp
  timestamp="$(date "${TIME_FORMAT}")"

  # indent depending on number of characters in date output
  timestamp_replacementchars="$(printf -- "%s: " "${timestamp}" | sed 's/./ /g')"
  printf -- "%b" "${timestamp}: $*"
}

log_info() {
  logger -t ngcpcfg --id="${NGCPCFG_PID}" -- "$*"
  console_output "$*\n"
}

# info without ending newline
# shellcheck disable=SC2317
log_info_n() {
  logger -t ngcpcfg --id="${NGCPCFG_PID}" -- "$*"
  console_output "$*"
}

log_warn() {
  logger -t ngcpcfg --id="${NGCPCFG_PID}" -- "Warning: $*"
  console_output "Warning: $*\n"
}

log_error() {
  logger -t ngcpcfg --id="${NGCPCFG_PID}" -- "Error: $*"
  console_output "Error: $*\n" >&2
}

# shellcheck disable=SC2317
log_debug() {
  if [ -n "${DEBUG:-}" ] ; then
    logger -t ngcpcfg --id="${NGCPCFG_PID}" -- "Debug: $*"
    console_output "DEBUG: $*\n"
  fi
}
# }}}

setup_shared_config() {
  if ! [ -d /mnt/glusterfs/mgmt-share ] ; then
    log_warn "Looks like glusterfs is not running, can not install it automatically.

Please execute the following command on one node
as soon as glusterfs share is mounted again:

  git clone --bare /etc/ngcp-config /mnt/glusterfs/ngcpcfg-share
  ${HELPER}/restore-permissions /mnt/glusterfs/ngcpcfg-share

"
    return 0
  fi

  if [ -d /mnt/glusterfs/ngcpcfg-share ] ; then
    log_info "Shared storage exists already, ignoring request to (re)install it."
  else
    log_info "Copying git repository to shared storage."
    git clone --bare /etc/ngcp-config /mnt/glusterfs/ngcpcfg-share | sed "s/^/${timestamp_replacementchars}/"
    "${HELPER}"/restore-permissions /mnt/glusterfs/ngcpcfg-share
  fi
}

# main script
if ! type -p gpg &>/dev/null ; then
  log_error "gpg binary not found, exiting."
  exit 1
fi

RC=0
TARGZ=/etc/ngcp-config-crypted.tgz

# ensure created files can be read by root only
umask 066

if ! gpg -d "${TARGZ}".gpg > "${TARGZ}" ; then
  log_error "Error while decrypting ${TARGZ}.gpg"
  RC=1
else
  # For backwards compatibility we switch to the root directory, for old
  # encrypted tarballs that stripped the leading /.
  cd /
  if tar zxPf "${TARGZ}" ; then
    log_info "Successfully restored configuration archive ${TARGZ}.gpg"
    log_info "Now you should be able to run 'ngcpcfg apply' again."
  else
    log_error "Error while restoring ${TARGZ}.gpg"
    RC=1
  fi
fi

# only for PRO/CARRIER
if [ -r "${FUNCTIONS}"/ha_features ] ; then
  setup_shared_config
else
  log_info "Ignoring shared configuration (PRO/CARRIER only)."
fi

# don't leave the unencrypted archive behind
rm -f "${TARGZ}"

exit "${RC}"

## END OF FILE #################################################################