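#!/bin/bash
#
# Dynamic-IP agent: moves one "allow everything from this address" ingress
# rule of an AWS security group from the previously known address to the
# current one.
#
# Environment (read):
#   DIP_FUNCTIONS         path of the shared function library; expected to
#                         provide log, logerr, valid_ipv4, valid_ipv6 and
#                         getIPv6Prefix (none of them is defined in this file)
#   DIP_BASE_DIR, DIP_AGENT_NAME, DIP_AGENT_EXEC
#                         locate the optional conf.d/*.conf files
#   DIP_CUR_IP, DIP_OLD_IP
#                         current and previously authorized address
#   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
#                         consumed by the aws CLI
# Configuration (expected from the conf files):
#   agent_aws_sg_id       ID of the security group to update
# Exit status:
#   99  missing configuration or credentials
#   98  DIP_CUR_IP or DIP_OLD_IP missing
#   otherwise 0, or non-zero when a security-group change failed or had to
#   be skipped

# Internal Initialization
# logerr comes from the library itself, so a missing library is reported
# with printf instead.
if [[ -z "${DIP_FUNCTIONS}" || ! -r "${DIP_FUNCTIONS}" ]]; then
  printf '%s\n' "ERROR: DIP_FUNCTIONS is unset or not readable" >&2
  exit 99
fi
source "${DIP_FUNCTIONS}"

# The conf files are sourced, i.e. executed as shell code with this agent's
# environment (including the AWS credentials). They should be writable only
# by the account that owns the agent.
for conf_name in "${DIP_AGENT_NAME}" "${DIP_AGENT_EXEC}"; do
  conf_file="${DIP_BASE_DIR}/conf.d/${conf_name}.conf"
  if [[ -r "${conf_file}" ]]; then
    source "${conf_file}"
  fi
done

if [[ -z "$agent_aws_sg_id" ]]; then
  logerr "ERROR: Need 'agent_aws_sg_id' to be defined to your Security Group ID"
  exit 99
fi

# Disabled alternative: read the credentials from files under
# ${DIP_BASE_DIR}/aws instead of from the environment.
#if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
#  if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
#    logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
#    exit 99
#  elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
#    logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
#    exit 99
#  else
#    export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
#    export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
#  fi
#else
#  logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
#  exit 99
#fi

# This check requires static keys in the environment, so credentials from
# any other provider in the CLI's chain (an instance role, for example) are
# rejected here. The identity behind the keys needs no more than
# ec2:RevokeSecurityGroupIngress and ec2:AuthorizeSecurityGroupIngress on
# this one group.
if [[ -z "$AWS_ACCESS_KEY_ID" || -z "$AWS_SECRET_ACCESS_KEY" || -z "$AWS_DEFAULT_REGION" ]]; then
  logerr "ERROR: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION need to be set"
  exit 99
fi

if [[ -z "$DIP_CUR_IP" || -z "$DIP_OLD_IP" ]]; then
  logerr "ERROR: Agent expects currentip, and existingip."
  exit 98
fi

# Print the --ip-permissions JSON for an IPv4 CIDR ($1).
# IpProtocol "-1" means every protocol and port: the rule admits all traffic
# from the address. Narrow it here if only specific ports are needed.
_ipv4_rule() {
  printf '[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "%s"}]}]' "$1"
}

# Print the --ip-permissions JSON for an IPv6 CIDR ($1); same all-protocol
# scope as the IPv4 rule.
_ipv6_rule() {
  printf '[{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "%s"}]}]' "$1"
}

# Run one ingress change on the configured group and report a failure.
# Arguments: $1 - "revoke" or "authorize"
#            $2 - JSON document for --ip-permissions
# Returns:   the exit status of the aws CLI
_sg_ingress() {
  local action=$1
  local permissions=$2
  local status=0
  aws ec2 "${action}-security-group-ingress" \
    --group-id "${agent_aws_sg_id}" \
    --ip-permissions "${permissions}" || status=$?
  if ((status != 0)); then
    logerr "ERROR: ${action}-security-group-ingress failed for '${agent_aws_sg_id}' (aws exit status ${status})"
  fi
  return "${status}"
}

# Main
# rc stays 0 unless a change failed or was skipped; the script used to exit
# 0 even when the aws CLI reported an error, which hid stale or missing rules.
rc=0

# Both branches revoke first and authorize second, as before. Between the two
# calls neither address is admitted, and a failed authorize after a
# successful revoke leaves the host without a rule, hence the error logging.
# The old address is validated before it is placed in the JSON document;
# only the current address was checked previously.
if valid_ipv4 "$DIP_CUR_IP"; then
  if [[ "${DIP_CUR_IP}" = "${DIP_OLD_IP}" ]]; then
    log "No changes required."
  else
    log "Updating Security Group IP"
    if valid_ipv4 "$DIP_OLD_IP"; then
      _sg_ingress revoke "$(_ipv4_rule "${DIP_OLD_IP}/32")" || rc=$?
    else
      logerr "ERROR: previous address is not a valid IPv4 address; its rule was not revoked"
      rc=1
    fi
    _sg_ingress authorize "$(_ipv4_rule "${DIP_CUR_IP}/32")" || rc=$?
  fi
fi

if valid_ipv6 "$DIP_CUR_IP"; then
  # getIPv6Prefix is presumably returning the prefix in CIDR notation, since
  # its output is used as CidrIpv6 unchanged; confirm against the library.
  currentprefix=$(getIPv6Prefix "$DIP_CUR_IP")
  existingprefix=""
  if valid_ipv6 "$DIP_OLD_IP"; then
    existingprefix=$(getIPv6Prefix "$DIP_OLD_IP")
  fi

  if [[ -z "$currentprefix" ]]; then
    logerr "ERROR: could not derive an IPv6 prefix from the current address"
    rc=1
  elif [[ "$currentprefix" = "$existingprefix" ]]; then
    log "No changes required."
  else
    log "Updating Security Group IPv6"
    if [[ -n "$existingprefix" ]]; then
      _sg_ingress revoke "$(_ipv6_rule "${existingprefix}")" || rc=$?
    else
      logerr "ERROR: previous address is not a valid IPv6 address; its rule was not revoked"
      rc=1
    fi
    _sg_ingress authorize "$(_ipv6_rule "${currentprefix}")" || rc=$?
  fi
fi

exit "${rc}"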