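#!/bin/bash
#
# NSX Application Platform (NAPP) kubeconfig helper.
#
# Interactive script that writes a standalone kubeconfig authenticating as the
# `napp-admin` service account in `kube-system`.
#   Option 1: log in to a vSphere with Tanzu cluster, create the service
#             account plus a ClusterRoleBinding to `cluster-admin`, then
#             generate the kubeconfig.
#   Option 2: assume the SA and CRB already exist in the current kubectl
#             context and only generate the kubeconfig.
#
# Security notes for operators:
#   * The service account is bound to `cluster-admin`, so the generated file
#     is a bearer credential with full control of the cluster. It is written
#     with owner-only permissions; store and transfer it like any other
#     privileged secret and delete it once it has been uploaded.
#   * The vSphere login skips TLS certificate verification by default (the
#     behaviour this script has always had). Set NAPP_VERIFY_TLS=1 once the
#     supervisor cluster certificate is trusted by this host, so the SSO
#     password is not sent to an unauthenticated endpoint.
#
# Environment:
#   NAPP_VERIFY_TLS  "1" drops --insecure-skip-tls-verify from the login.

set -u
# Without pipefail a failing `kubectl get ... | base64 -d` would look successful.
set -o pipefail
# Anything this script creates (CA temp file, kubeconfig) is owner-only.
umask 077

readonly SA_NAME="napp-admin"
readonly SA_NAMESPACE="kube-system"
readonly RULE="**********************************************************************************************"

# Path of the temporary CA bundle; global so the EXIT trap can still see it.
ca_tmpfile=""

# Remove the temporary CA bundle on every exit path.
cleanup() {
  if [[ -n "$ca_tmpfile" ]]; then
    rm -f -- "$ca_tmpfile"
  fi
}
trap cleanup EXIT

# Print a message to stderr and stop with a non-zero status, so wrappers and
# CI jobs can tell a failed run from a successful one.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Log in to a vSphere with Tanzu workload cluster and create the napp-admin
# service account and its cluster-admin ClusterRoleBinding.
# Globals:   SA_NAME, SA_NAMESPACE, RULE, NAPP_VERIFY_TLS (read)
# Outputs:   prompts and progress on stdout, errors on stderr
# Returns:   0 on success; exits 1 on any failure
#######################################
tanzu_login_and_create_sa() {
  local supervisor_cluster_ip ssouser namespace cluster_name
  local -a login_args

  printf "\nPlease input the IP of your supervisor cluster"
  read -r -p "Supervisor cluster IP: " supervisor_cluster_ip
  printf "\nPlease, input your vSphere SSO User: "
  read -r ssouser
  printf "\nPlease input the namespace where your cluster resides: "
  read -r namespace
  printf "\nPlease input the cluster name: "
  read -r cluster_name

  if [[ -z "$supervisor_cluster_ip" || -z "$ssouser" || -z "$namespace" || -z "$cluster_name" ]]; then
    die "Error while connecting to vSphere, please check your parameters"
  fi

  # The namespace flag takes the namespace the operator entered; passing the
  # cluster name there only works when both happen to be identical.
  login_args=(
    --server "$supervisor_cluster_ip"
    -u "$ssouser"
    --tanzu-kubernetes-cluster-name "$cluster_name"
    --tanzu-kubernetes-cluster-namespace "$namespace"
  )
  if [[ "${NAPP_VERIFY_TLS:-0}" != "1" ]]; then
    printf '%s\n' "WARNING: TLS certificate verification is disabled for the vSphere login (set NAPP_VERIFY_TLS=1 to enforce it)" >&2
    login_args+=(--insecure-skip-tls-verify)
  fi

  echo "$RULE"
  if ! kubectl vsphere login "${login_args[@]}"; then
    die "Error while connecting to vSphere, please check your parameters"
  fi

  echo "$RULE"
  echo "Login OK"
  echo "$RULE"
  echo "Creating the required SA and CRB"
  echo "$RULE"
  sleep 2

  if ! kubectl create serviceaccount "$SA_NAME" -n "$SA_NAMESPACE"; then
    die "Error while creating roles, please check above"
  fi
  if ! kubectl create clusterrolebinding "$SA_NAME" \
    --serviceaccount="${SA_NAMESPACE}:${SA_NAME}" --clusterrole=cluster-admin; then
    die "Error while creating roles, please check above"
  fi

  echo "$RULE"
  echo "SA and CRB created"
  echo "$RULE"
}

#######################################
# Build a kubeconfig for the napp-admin service account from the current
# kubectl context (token and CA come from the account's token Secret).
# Globals:   SA_NAME, SA_NAMESPACE, RULE (read); ca_tmpfile (written)
# Outputs:   prompts and the resulting file path on stdout, errors on stderr
# Returns:   0 on success; exits 1 on any failure
#######################################
create_kubeconfig() {
  local kubeconfig_file secret token context cluster url

  echo "Please, input the name of the kubeconfig file to be created"
  read -r -p "kubeconfig name: " kubeconfig_file
  [[ -n "$kubeconfig_file" ]] || die "Error creating Kubeconfig, no file name given"

  # The account's `.secrets` list is empty on clusters that do not
  # auto-create token Secrets (the default since Kubernetes 1.24); fail
  # clearly instead of writing a kubeconfig with an empty token.
  secret=$(kubectl get serviceaccount "$SA_NAME" -n "$SA_NAMESPACE" -ojsonpath='{.secrets[].name}') \
    || die "Error creating Kubeconfig, cannot read service account ${SA_NAME}"
  [[ -n "$secret" ]] \
    || die "Error creating Kubeconfig, service account ${SA_NAME} has no token Secret attached"

  token=$(kubectl get secret "$secret" -n "$SA_NAMESPACE" -ojsonpath='{.data.token}' | base64 -d) \
    || die "Error creating Kubeconfig, cannot read the token from Secret ${secret}"
  [[ -n "$token" ]] || die "Error creating Kubeconfig, Secret ${secret} holds no token"

  # The CA is embedded into the kubeconfig below, so it only needs a private
  # temporary file rather than a ./ca.crt that overwrites whatever is there.
  ca_tmpfile=$(mktemp) || die "Error creating Kubeconfig, Check folder permissions"
  kubectl get secrets "$secret" -n "$SA_NAMESPACE" -o jsonpath='{.data.ca\.crt}' \
    | base64 -d > "$ca_tmpfile" \
    || die "Error creating Kubeconfig, cannot read the CA certificate from Secret ${secret}"

  context=$(kubectl config view -o jsonpath='{.current-context}')
  cluster=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'"$context"'")].context.cluster}')
  url=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'"$cluster"'")].cluster.server}')
  if [[ -z "$context" || -z "$cluster" || -z "$url" ]]; then
    die "Error creating Kubeconfig, cannot resolve the current context, cluster or server URL"
  fi

  # kubectl only accepts the token as a flag, so it is briefly visible in the
  # process list of this host; run the script on a trusted admin workstation.
  if kubectl config --kubeconfig="$kubeconfig_file" set-cluster "$cluster" \
      --server="$url" --certificate-authority="$ca_tmpfile" --embed-certs=true \
    && kubectl config --kubeconfig="$kubeconfig_file" set-credentials "$SA_NAME" --token="$token" \
    && kubectl config --kubeconfig="$kubeconfig_file" set-context "$context" \
      --cluster="$cluster" --user="$SA_NAME" \
    && kubectl config --kubeconfig="$kubeconfig_file" use-context "$context"; then
    # A pre-existing file keeps its old mode; tighten it explicitly.
    chmod 600 -- "$kubeconfig_file" || die "Error creating Kubeconfig, Check folder permissions"
    echo "$RULE"
    echo "kubeconfig file created on"
    readlink -f -- "$kubeconfig_file"
    echo "$RULE"
    return 0
  fi

  die "Error creating Kubeconfig, Check folder permissions"
}

# Show the menu and dispatch to the selected workflow.
main() {
  local option

  echo "*****************************************************"
  echo "* NSX Application Platform Kubeconfig obtain script *"
  echo "*               https://sd-juan.es                  *"
  echo "*                 September, 2022                   *"
  echo "*****************************************************"
  echo "Please, chose an option:"
  echo "1. Automatically create the Service Account and Clusterrolebinding, and then get the Kubeconfig (Vsphere with Tanzu)"
  echo "2. I have already created the SA and CRB, Just get the kubeconfig (Other kubernetes deployments)"
  echo ""
  read -r -p "Option: " option

  case "$option" in
    1)
      tanzu_login_and_create_sa
      create_kubeconfig
      ;;
    2)
      create_kubeconfig
      ;;
    *)
      die "No valid option chosen, exiting"
      ;;
  esac
}

main "$@"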
