# Copyright (c) 2014 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -e

export OS_AUTH_URL=http://localhost:35357/
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_IDENTITY_API_VERSION=3

_get_id()
{
    awk '/ id / { print $4 }'
}

_add_user()
{
    local name=$1
    local tenant=$2
    local user=$3
    local password=$4
    local role=$5

    TENANT_ID=$(openstack project list | awk "/ $tenant / { print \$2 }")
    if [ "$TENANT_ID" == "" ]; then
        # create a new tenant
        TENANT_ID=$(openstack project create $tenant | _get_id)
    fi

    USER_ID=$(openstack user list | awk "/ $user / { print \$2 }")
    if [ "$USER_ID" == "" ]; then
        USER_ID=$(openstack user create $user --password=$password \
            --project $TENANT_ID | _get_id)
    fi

    if [ "$role" != "" ]; then
        ROLE_ID=$(openstack role list | awk "/ $role / { print \$2 }")
        if [ "$ROLE_ID" == "" ]; then
            # create a new role
            ROLE_ID=$(openstack role create $role | _get_id)
        fi

        openstack role add --user $USER_ID --project $TENANT_ID $ROLE_ID
    fi

    eval $(openstack ec2 credentials create --user $user --project $tenant \
        -f shell -c access -c secret)
    export ${name}_ACCESS_KEY=$access
    export ${name}_SECRET_KEY=$secret
}

_create_swift_accounts()
{
    _add_user SERVICE service swift password admin
    _add_user ADMIN test admin admin ResellerAdmin
    _add_user TESTER test tester testing admin
    _add_user TESTER2 test tester2 testing2 member

    SERVICE=$(openstack service create --name=swift object-store | _get_id)
    openstack endpoint create $SERVICE \
        public "http://localhost:8080/v1/AUTH_\$(tenant_id)s"
}

_setup_keystone()
{
    rm -f ${TEST_DIR}/keystone.db 2>&1

    local log_file="${LOG_DEST:-${TEST_DIR}/log}/keystone.log"
    mkdir -p "$(dirname "${log_file}")"

    keystone-manage --config-file conf/keystone.conf --debug fernet_setup
    keystone-manage --config-file conf/keystone.conf --debug db_sync
    keystone-manage --config-file conf/keystone.conf --debug pki_setup
    keystone-manage --config-file conf/keystone.conf --debug bootstrap \
        --bootstrap-password=$OS_PASSWORD \
        --bootstrap-admin-url=$OS_AUTH_URL \
        --bootstrap-public-url=${OS_AUTH_URL/35357/5000}

    keystone-wsgi-admin -p 35357 -- --config-file conf/keystone.conf --debug \
        > "${log_file}" 2>&1 &
    export keystone_pid=$!
    # make sure it's actually running
    sleep 5
    ps -p $keystone_pid
    curl -I $OS_AUTH_URL

    _create_swift_accounts
}

_setup_keystone

set +e
