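#!/bin/bash
#
# Deploys DefectDojo into a Kubernetes namespace with Helm.
#
# Reads from the current directory:
#   namespace    - file holding the target namespace name
#   secrets.txt  - optional plaintext shell fragment defining the secrets
#   secrets.asc  - GPG-encrypted variant, used when secrets.txt is absent
#   values.yml   - Helm values for the chart
#   ingress.yml  - ingress manifest applied after the chart
#
# Environment:
#   GPG_PASSPHRASE - required only when secrets.asc has to be decrypted
#
# The secrets source must define PGPASSWORD, KEYCLOAK_PUBLIC_KEY and
# OPENID_SECRET.

# Fail closed: stop on the first failing command, on an unset variable and on
# a failing pipeline stage, so a broken decrypt never leads to empty secrets
# being applied to the cluster.
set -euo pipefail

NAMESPACE=$(<namespace)
: "${NAMESPACE:?namespace file is empty}"
DEFECTDOJO_VERSION=1.6.174

# Idempotent namespace creation: render the manifest client-side, then apply.
kubectl create namespace "$NAMESPACE" \
  --dry-run=client \
  -o yaml |
  kubectl -f - apply

# Both branches source a file, i.e. execute it as shell code with the
# privileges of this script. Treat secrets.txt / secrets.asc as trusted code.
if [ -f secrets.txt ]; then
  . secrets.txt
else
  : "${GPG_PASSPHRASE:?GPG_PASSPHRASE must be set to decrypt secrets.asc}"
  SECRETS_FILE=$(mktemp)
  # Remove the decrypted secrets on every exit path, including a failed
  # decrypt or a failing statement inside the sourced file.
  trap 'rm -f -- "$SECRETS_FILE"' EXIT
  # The passphrase is fed on stdin (printf is a shell builtin) instead of
  # --passphrase, so it does not show up in the process list.
  # NOTE(review): /tmp/.gnupg is a fixed path in a world-writable directory;
  # on a shared host another user could pre-create it. Confirm the runner is
  # single-tenant or move the homedir to a private directory.
  printf '%s' "$GPG_PASSPHRASE" |
    gpg --decrypt --passphrase-fd 0 --yes --batch \
      --homedir /tmp/.gnupg \
      --output "$SECRETS_FILE" secrets.asc
  . "$SECRETS_FILE"
  rm -f -- "$SECRETS_FILE"
  trap - EXIT
  # Earlier approach, kept for reference:
  # eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
fi

# Refuse to continue with missing values; otherwise Kubernetes secrets with
# empty credentials would be created silently.
: "${PGPASSWORD:?PGPASSWORD not defined by the secrets source}"
: "${KEYCLOAK_PUBLIC_KEY:?KEYCLOAK_PUBLIC_KEY not defined by the secrets source}"
: "${OPENID_SECRET:?OPENID_SECRET not defined by the secrets source}"

# NOTE(review): --from-literal passes secret values as kubectl arguments, so
# they are visible in the local process list while kubectl runs. On a shared
# host consider --from-file / --from-env-file with a 0600 temporary file.
kubectl create secret generic defectdojo-postgresql-specific \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=postgresql-password="$PGPASSWORD" |
  kubectl apply -f - -n "$NAMESPACE"

# NOTE(review): the Redis password is set to the empty string here. Confirm
# this is intended and that Redis is reachable only from inside the namespace.
kubectl create secret generic defectdojo-redis-specific \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=redis-password="" |
  kubectl apply -f - -n "$NAMESPACE"

# Cookie/TLS hardening flags plus the Keycloak OIDC client settings.
kubectl create secret generic defectdojo-extrasecrets \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=DD_SESSION_COOKIE_SECURE="True" \
  --from-literal=DD_CSRF_COOKIE_SECURE="True" \
  --from-literal=DD_SECURE_SSL_REDIRECT="True" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED="True" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="$KEYCLOAK_PUBLIC_KEY" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_KEY="defectdojo" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/auth" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_SECRET="$OPENID_SECRET" |
  kubectl apply -f - -n "$NAMESPACE"

# The chart version is pinned, but the chart itself is not provenance-checked.
# NOTE(review): if the chart publisher signs releases, helm's --verify would
# add that check; confirm before enabling.
helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
helm repo update

helm upgrade --install \
  defectdojo defectdojo/defectdojo \
  -f values.yml \
  --version="$DEFECTDOJO_VERSION" \
  --namespace="$NAMESPACE"

kubectl apply -f ingress.yml -n "$NAMESPACE"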