#!/bin/bash

SERVICE_NAME="feudal"

FACILITY_NAME=$1
DESTINATION=$2
DESTINATION_TYPE=$3


#Test if destination is in not empty and in the correct format
if [ -z "$DESTINATION" ]; then
	echo "Missing Destination argument (Name of instance there)" >&2
	exit 251
fi

#Test if destination type is not empty and it is defined as service-specific (mandatory settings)
if [ -z "$DESTINATION_TYPE" ]; then
	echo "Destination type can't be empty!" >&2
	exit 245
else
	if [ "$DESTINATION_TYPE" != "service-specific" ]; then
		echo "Destination type need to be defined as service specific!" >&2
		exit 244
	fi
	fi

#Test if name of facility is not empty
if [ -z "$FACILITY_NAME" ]; then
	echo "Missing FacilityName argument" >&2
	exit 252
fi


CREDENTIALS_FILENAME="`echo $DESTINATION | sed -e 's/^https\?:\/\///'`"
if echo $CREDENTIALS_FILENAME | grep -v '^[A-Za-z0-9_.-]\+$' ; then
	echo "Unsupported destination" >&2
	exit 247
fi

if echo $CREDENTIALS_FILENAME | grep -s '\.\.' ; then
	echo "Unsupported destination" >&2
	exit 248
fi


CREDENTIALS="`cat /etc/perun/services/feudal/$CREDENTIALS_FILENAME`"
if [ -z "$CREDENTIALS" ]; then
	echo "No credentials available in configuration" >&2
	exit 246
fi


#Basic path to find data from gen service
SERVICE_FILES_BASE_DIR="`pwd`/../gen/spool"
SERVICE_FILES_DIR="$SERVICE_FILES_BASE_DIR/$FACILITY_NAME/$SERVICE_NAME"
#Just safety check. This should not happen
if [ ! -d "$SERVICE_FILES_DIR" ]; then echo '$SERVICE_FILES_DIR: '$SERVICE_FILES_DIR' is not a directory' >&2 ; exit 1; fi


#Create lock to disallow calling more than once at time (method similar to locks in slave scripts)
LOCK_DIR=${LOCK_DIR:=/var/lock}
LOCK_FILE="${LOCK_DIR}/perun-${SERVICE_NAME}-$FACILITY_NAME.lock"
LOCK_PIDFILE="$LOCK_FILE/pid"
function create_lock {
	if mkdir "${LOCK_FILE}"; then
		trap 'rm -r -f "${LOCK_FILE}"' EXIT
		echo $$ > "$LOCK_PIDFILE";
		if [ $? -ne 0 ]; then
			echo "Can't create lock file." >&2
			exit 250
		fi
	else
		# lock file exists, check for existence of concurrent process
		if ps ax | grep "$SERVICE_NAME" | sed 's/^\([0-9]\+\).*/\1/' | grep "\(^\| \)`cat $LOCK_PIDFILE`\( \|$\)"; then
			# concurrent process is running - this skript must terminate
			echo "Concuret process $SERVICE_NAME is running" >&2
			exit 249
		else
			# lock is not valid; it should be deleted
			rm -r "$LOCK_FILE"
			if [ $? -ne 0 ]; then
				echo "Can't remove not valid lock file." >&2
				exit 248
			fi
			echo "Invalid lock file found and deleted: $LOCK_FILE" >&2
			mkdir "${LOCK_FILE}"
			if [ $? -ne 0 ]; then
				echo "Can't create lock after removing invalid lock." >&2
				exit 247
			fi
			trap 'rm -r -f "${LOCK_FILE}"' EXIT
			echo $$ > "$LOCK_PIDFILE"
			if [ $? -ne 0 ]; then
				echo "Can't create lock file after removing invalid lock file." >&2
				exit 246
			fi
		fi
	fi
}

#start script by creating new lock
create_lock


#prepare after exit removing of temporary files and directories
trap 'rm -r -f "${LOCK_FILE}"' EXIT

ERRORCODE=0

for USER in `curl -s -u "$CREDENTIALS" "$DESTINATION/upstream/users/" | sed -e 's/\s*//g ; s/\["\|"\]//g ; s/","/ /g'` ; do

	if [ -e "$SERVICE_FILES_DIR/users/$USER" ]; then
		echo "Updating: " $USER
		curl -s -u "$CREDENTIALS" -X PUT "$DESTINATION/upstream/userinfo/" -H "Content-Type: application/json" --data-binary @"$SERVICE_FILES_DIR/users/$USER" || ERRORCODE=1

	else
		echo "Deleting: " $USER
		curl -s -u "$CREDENTIALS" -X DELETE "$DESTINATION/upstream/user/$USER/" -H "Content-Type: application/json" || ERRORCODE=1
	fi

done


exit $ERRORCODE
