#!/usr/bin/env nix-shell
#!nix-shell -p vault -p jq -i bash

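set -euo pipefail

# Usage: <script> <server_name>
#
# Provisions a Vault AppRole for one server, pins its role-id to the server
# name, issues a secret-id, and creates a matching identity entity + alias so
# logins through the approle mount are attributed to that entity. Needs the
# `vault` and `jq` binaries (supplied by the nix-shell shebang above) and an
# operator able to log in via OIDC with the `admin` role.

# "${1:?...}" aborts with a usage line instead of set -u's bare
# "1: unbound variable" when the argument is missing.
readonly server_name=${1:?usage: $0 <server_name>}

# The name is spliced into Vault API paths and reused verbatim as the role-id
# and alias name, so restrict it to a conservative character set (no "/",
# whitespace, or leading dot) before it is sent anywhere.
if [[ ! ${server_name} =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
	printf 'error: server name %q must match [A-Za-z0-9][A-Za-z0-9._-]*\n' "${server_name}" >&2
	exit 1
fi

export VAULT_ADDR=https://vault.int.lukegb.com/

echo Checking login credentials...
# Reuse the existing token if it still validates; otherwise fall back to an
# interactive OIDC login as the admin role.
vault token lookup >/dev/null || vault login -method=oidc role=admin

echo Grabbing approle accessor...
APPROLE_ACCESSOR="$(vault auth list -format=json | jq -r '.["approle/"].accessor')"
# jq -r prints the literal string "null" when no method is mounted at approle/;
# fail here with a clear message rather than at the entity-alias write below.
if [[ -z ${APPROLE_ACCESSOR} || ${APPROLE_ACCESSOR} == null ]]; then
	printf 'error: no auth method mounted at approle/ on %s\n' "${VAULT_ADDR}" >&2
	exit 1
fi
printf '\t%s\n' "${APPROLE_ACCESSOR}"

echo Creating new approle...
# secret_id_num_uses=0 plus an empty secret_id_ttl make the secret-id issued
# below unlimited-use and non-expiring, i.e. a long-lived credential: destroy
# it via the role's secret-id/destroy endpoint (or delete the role) when the
# server is decommissioned or the value leaks. Tokens minted from it are
# short-lived (20m, renewable up to 30m) with unlimited uses.
# NOTE: the documented parameter is token_num_uses (the original passed
# token_max_uses, which Vault does not recognise); 0 is also the default.
vault write "auth/approle/role/${server_name}" \
	secret_id_num_uses=0 \
	secret_id_ttl="" \
	token_ttl=20m \
	token_max_ttl=30m \
	token_policies="default,server" \
	token_num_uses=0

echo Setting role-id...
# role-id is the non-secret half of the credential; pinning it to the server
# name keeps it predictable and lets the alias below be named after it.
vault write "auth/approle/role/${server_name}/role-id" "role_id=${server_name}"

echo Creating new secret...
# This is the secret half and is only ever displayed here: treat the terminal
# output (and any scrollback / session log) as sensitive, and relay it to the
# server out of band rather than through tickets or chat.
SECRET_ID="$(vault write -f -format=json "auth/approle/role/${server_name}/secret-id" | jq -r '.data.secret_id')"
if [[ -z ${SECRET_ID} || ${SECRET_ID} == null ]]; then
	printf 'error: Vault returned no secret_id for %s\n' "${server_name}" >&2
	exit 1
fi
printf '\t%s\n' "${SECRET_ID}"

echo Creating entity...
# The entity carries the "server" policy; metadata records which server it is.
ENTITY_ID="$(vault write -format=json identity/entity \
	name="${server_name}" \
	policies="server" \
	metadata="server=${server_name}" | jq -r '.data.id')"
# Guard against an empty/"null" id (e.g. Vault returning no data) so we never
# write an alias with a blank canonical_id.
if [[ -z ${ENTITY_ID} || ${ENTITY_ID} == null ]]; then
	printf 'error: Vault returned no entity id for %s\n' "${server_name}" >&2
	exit 1
fi
printf '\t%s\n' "${ENTITY_ID}"

echo Creating entity alias...
# Vault keys approle aliases by role-id, which the role-id write above set to
# the server name, so an alias with that name maps approle logins onto this
# entity.
vault write identity/entity-alias \
	name="${server_name}" \
	canonical_id="${ENTITY_ID}" \
	mount_accessor="${APPROLE_ACCESSOR}"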