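#!/usr/bin/env bash
#
# Creates SPIRE registration entries for the howto-k8s-mtls-sds-based demo by
# running `spire-server entry create` inside the SPIRE server pod.
#
# Usage:
#   <script> register        # agent node entry + front, color red, color blue
#   <script> registerGreen   # color green workload entry only
#
# Security notes for reviewers:
#   - The selectors below ARE the attestation policy: any container matching
#     every selector of an entry is issued that entry's SPIFFE ID.
#   - All workload entries select on the "default" service account plus pod
#     labels, so whoever may create pods in the app namespace with those
#     labels can obtain the identity. A dedicated service account per
#     workload would narrow this.
#   - Trust domain and cluster name are hard-coded here; presumably they must
#     match the SPIRE server/agent configuration -- confirm before reuse.
#   - NOTE(review): `entry create` is probably not idempotent; a re-run may
#     fail on existing entries and abort the script under `set -e` -- verify.
set -euo pipefail

readonly TRUST_DOMAIN="spiffe://howto-k8s-mtls-sds-based.aws"
readonly AGENT_SPIFFE_ID="${TRUST_DOMAIN}/ns/spire/sa/spire-agent"
readonly APP_NAMESPACE="howto-k8s-mtls-sds-based"

#######################################
# Runs `spire-server entry create` in the SPIRE server pod.
# Arguments: flags forwarded verbatim to `spire-server entry create`
# Outputs:   kubectl / spire-server output; diagnostics on stderr
# Returns:   non-zero if the pod cannot be found or the command fails
#######################################
register_server_entries() {
  # Look the pod up by label so this works with both StatefulSet and
  # Deployment installs of the SPIRE server.
  local pod
  pod=$(kubectl get pod -n spire -l app=spire-server \
    -o jsonpath='{.items[0].metadata.name}') || {
    echo "Unable to look up the spire-server pod in namespace spire" >&2
    return 1
  }
  if [[ -z "$pod" ]]; then
    echo "No spire-server pod found in namespace spire" >&2
    return 1
  fi

  # "$@" and "$pod" are quoted so each flag reaches spire-server as one
  # argument, with no word splitting or glob expansion by the local shell.
  kubectl exec -n spire "$pod" -c spire-server -- \
    /opt/spire/bin/spire-server entry create "$@"
}

#######################################
# Registers the Envoy sidecar of one color app version.
# Arguments: $1 - version label (red, blue, green)
#######################################
register_color() {
  local version=$1
  echo "Registering an entry for the color app - version:${version}..."
  register_server_entries \
    -parentID "$AGENT_SPIFFE_ID" \
    -spiffeID "${TRUST_DOMAIN}/color${version}" \
    -selector "k8s:ns:${APP_NAMESPACE}" \
    -selector k8s:sa:default \
    -selector k8s:pod-label:app:color \
    -selector "k8s:pod-label:version:${version}" \
    -selector k8s:container-name:envoy
}

case "${1:-}" in
  register)
    echo "Registering an entry for spire agent..."
    # Node entry: agents attested through k8s_sat in this cluster, namespace
    # and service account are grouped under the agent SPIFFE ID that the
    # workload entries use as parent.
    register_server_entries \
      -spiffeID "$AGENT_SPIFFE_ID" \
      -selector k8s_sat:cluster:k8s-cluster \
      -selector k8s_sat:agent_ns:spire \
      -selector k8s_sat:agent_sa:spire-agent \
      -node

    echo "Registering an entry for the front app..."
    register_server_entries \
      -parentID "$AGENT_SPIFFE_ID" \
      -spiffeID "${TRUST_DOMAIN}/front" \
      -selector "k8s:ns:${APP_NAMESPACE}" \
      -selector k8s:sa:default \
      -selector k8s:pod-label:app:front \
      -selector k8s:container-name:envoy

    register_color red
    register_color blue
    ;;
  registerGreen)
    register_color green
    ;;
  *)
    # A missing or mistyped sub-command used to exit 0 without registering
    # anything; fail loudly so a caller does not assume identities exist.
    echo "Usage: ${0##*/} register|registerGreen" >&2
    exit 2
    ;;
esac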