#!/bin/bash -e

function get_token() {
    kubectl exec statefulset/app -- gitea admin user generate-access-token \
            --username "$name" \
            --token-name "${name^^}" \
            --scopes "$scopes" \
        | awk '{print $NF}'
}

name="$1"
scopes="$2"
email="$name@$BASE_URL"
secret="gitea-$name"

if ! kubectl get secret "$secret" > /dev/null 2>&1; then
    kcreatesec "$secret" \
        --from-literal=email="$email" \
        --from-literal=username="$name" \
        --from-literal=password="$(openssl rand -hex 32)"
    NAME="$name" SECRET="$secret" kapply common/createadmin.yaml
fi

if [ -n "$scopes" ]; then
    kcreatesec "$secret" \
        --from-literal=email="$email" \
        --from-literal=username="$name" \
        --from-literal=password="$(kgseckey "$secret" password)" \
        --from-literal=token="$(kgseckey "$secret" token || get_token)"
fi