#!/bin/bash
#
# Copyright 2013 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

set -eu

SCRIPT_NAME=$(basename $0)
SCRIPT_HOME=$(dirname $0)

GROUP=""
PASSWORD=""

function show_options () {
    echo "Usage: $SCRIPT_NAME [options] <username> <useremail>"
    echo
    echo "Create a well formed user in a cloud."
    echo "A tenant with the same name as the user is automatically created unless"
    echo "it already exists."
    echo
    echo "The admin user is added to the tenant in the admin role."
    echo
    echo "Options:"
    echo "    -p, --password -- the password for the user."
    echo
    echo "For instance: $SCRIPT_NAME joe joe@example.com"
    echo "would create a tenant 'joe', a user 'joe' with email joe@example.com"
    echo "and a random password."
    exit $1
}

TEMP=`getopt -o p: -l password: -n $SCRIPT_NAME -- "$@"`
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi

# Note the quotes around `$TEMP': they are essential!
eval set -- "$TEMP"

while true ; do
    case "$1" in
        -p | --password) export PASSWORD="$2"; shift 2 ;;
        -h) show_options 0;;
        --) shift ; break ;;
        *) echo "Error: unsupported option $1." ; exit 1 ;;
    esac
done

NAME=${1:-""}
EMAIL=${2:-""}

if [ -z "$NAME" -o -z "$EMAIL" ]; then
    show_options 1
fi

PASSWORD=${PASSWORD:-$(os-make-password)}

ADMIN_ROLE=$(keystone role-get admin| awk '$2=="id" {print $4}')
if [ -z "$ADMIN_ROLE" ]; then
    echo "Could not find admin role" >&2
    exit 1
fi
MEMBER_ROLE=$(keystone role-get _member_| awk '$2=="id" {print $4}')
# Role _member_ is implicitly created by Keystone only while creating a new user
# If no users were created, need to create a role explicitly
if [ -z "$MEMBER_ROLE" ]; then
    MEMBER_ROLE=$(keystone role-create --name=_member_ | awk '$2=="id" {print $4}')
    echo "Created role _member_ with id ${MEMBER_ROLE}" >&2
fi
ADMIN_USER_ID=$(keystone user-get admin | awk '$2=="id" {print $4}')
if [ -z "$ADMIN_USER_ID" ]; then
    echo "Could not find admin user" >&2
    exit 1
fi

if ! keystone tenant-get $NAME 1>/dev/null 2>&1 ; then
    USER_TENANT_ID=$(keystone tenant-create --name=$NAME | awk '$2=="id" {print $4}')
    if [ -z "$USER_TENANT_ID" ]; then
        echo "Failed to create tenant $NAME" >&2
        exit 1
    fi
else
    USER_TENANT_ID=$(keystone tenant-get $NAME 2>/dev/null| awk '$2=="id" {print $4}')
    if [ -z "$USER_TENANT_ID" ]; then
        echo "Failed to retrieve existing tenant $NAME" >&2
        exit 1
    fi
fi

USER_ID=$(keystone user-get $NAME | awk '$2=="id" {print $4}')
if [ -z "$USER_ID" ]; then
    USER_ID=$(keystone user-create --name=$NAME \
            --pass="$PASSWORD" \
            --email=$EMAIL | awk '$2=="id" {print $4}')
    if [ -z "$USER_ID" ]; then
        echo "Failed to create user $NAME" >&2
        exit 1
    else
        echo "Created user $NAME with password '$PASSWORD'"
    fi
else
    echo "User $NAME with id $USER_ID already exists"
fi

if keystone user-role-list --user-id $USER_ID --tenant-id $USER_TENANT_ID | grep -q "\s$MEMBER_ROLE\s"; then
    echo "Role $MEMBER_ROLE is already granted for user $USER_ID with tenant $USER_TENANT_ID"
else
    keystone user-role-add --user-id $USER_ID --role-id $MEMBER_ROLE --tenant-id $USER_TENANT_ID
fi

if keystone user-role-list --user-id $ADMIN_USER_ID --tenant-id $USER_TENANT_ID | grep -q "\s$ADMIN_ROLE\s"; then
    echo "Role $ADMIN_ROLE is already granted for user $ADMIN_USER_ID with tenant $USER_TENANT_ID"
else
    keystone user-role-add --user-id $ADMIN_USER_ID --role-id $ADMIN_ROLE --tenant-id $USER_TENANT_ID
fi
