#!/bin/bash
#
# Copyright (c) 2020 Oracle and/or its affiliates. All rights reserved.
# Licensed under the GNU General Public License Version 2 as shown at https://oss.oracle.com/licenses/GPL-2.

whitelist="install
status
delete
upgrade
"

set -e
kubecfg="$1"
shift
namespace="$1"
shift
act="$1"
shift
cleanup_legacy_resources="$1"
shift
# Only used in the "install" path
desired_istio_install_version="$1"
shift

# Returns not found so we can mark the resource as uninstalled
if [ ! -f /usr/local/bin/istioctl ]; then
    echo "istioctl not found" >> /dev/stderr
    exit 1
fi

# Validate input
if ! echo "$whitelist" | grep -q -x "$act"; then
    echo "$act cannot be performed by this script"
    exit 1
fi

echo "kubecfg: $kubecfg namespace: $namespace act: $act cleanup_legacy_resources: $cleanup_legacy_resources"

export KUBECONFIG="$kubecfg"

if [[ "${act}" == "delete" ]]; then
    # TODO: Generate from the manfest we installed with rather than the default
    set +e
    /usr/local/bin/istioctl manifest generate "$@" | kubectl delete --ignore-not-found=true -f -
    set -e
    kubectl delete --ignore-not-found=true ClusterRoleBinding -l app=istio-init
    kubectl delete --ignore-not-found=true ClusterRoleBinding -l release=istio
    kubectl delete --ignore-not-found=true ClusterRoleBinding istio-multi

    kubectl delete --ignore-not-found=true ServiceAccount istio-multi -n istio-system
    kubectl delete --ignore-not-found=true ServiceAccount istio-init-service-account  -n istio-system

    kubectl delete --ignore-not-found=true ClusterRole -l app=istio-init
    kubectl delete --ignore-not-found=true ClusterRole -l release=istio
    kubectl delete --ignore-not-found=true ClusterRole istio-reader

    # Delete the CRD Jobs
    kubectl get job --ignore-not-found=true -n istio-system | grep istio-init-crd | awk '{ print $1 }' | xargs --no-run-if-empty -n1 kubectl --ignore-not-found=true delete job -n istio-system

    kubectl delete ns --ignore-not-found=true istio-system
fi

if [[ "${act}" == "install" ]]; then
	kubectl get namespace "$namespace" || kubectl create namespace "$namespace"

    if [[ ${desired_istio_install_version} == "1.5"* ]]; then
        # Is == 1.5
	    /usr/local/bin/istioctl manifest apply --skip-confirmation $@
    else
        # Is >= 1.6
	    /usr/local/bin/istioctl install --skip-confirmation $@
    fi
fi

if [[ "${act}" == "status" ]]; then
    /usr/local/bin/istioctl proxy-status
fi

if [[ "${act}" == "upgrade" ]]; then
    # Using --force allows us to upgrade from 1.4.10 -> 1.5.10 "$@"
    /usr/local/bin/istioctl upgrade --force -y "$@"

    if [[ "${cleanup_legacy_resources}" != "" ]]; then
        set +e
        kubectl -n istio-system delete --ignore-not-found=true deployment istio-citadel istio-galley istio-pilot istio-policy istio-sidecar-injector istio-telemetry
        kubectl -n istio-system delete --ignore-not-found=true service istio-citadel istio-policy istio-sidecar-injector istio-telemetry
        kubectl -n istio-system delete --ignore-not-found=true horizontalpodautoscaler.autoscaling/istio-pilot horizontalpodautoscaler.autoscaling/istio-telemetry
        kubectl -n istio-system delete --ignore-not-found=true pdb istio-citadel istio-galley istio-pilot istio-policy istio-sidecar-injector istio-telemetry
        kubectl -n istio-system delete --ignore-not-found=true deployment istiocoredns
        kubectl -n istio-system delete --ignore-not-found=true service istiocoredns

        kubectl delete --ignore-not-found=true policies.authentication.istio.io --all-namespaces --all
        kubectl delete --ignore-not-found=true meshpolicies.authentication.istio.io --all
        set -e
    fi
fi
