#!/usr/bin/env bash
# Get environment variable values from Azure CLI
# This script outputs commands that can be used to populate .env file
# Usage: ./scripts/deployment/get-env-values.sh > env-updates.txt

set -euo pipefail

# Colors for output

# Check if Azure CLI is installed
if ! command -v az &> /dev/null; then
    log_error "Error: Azure CLI is not installed >&2"
    exit 1
fi

# Check if logged in
if ! az account show &> /dev/null; then
    log_error "Error: Not logged in to Azure. Run 'az login' first >&2"
    exit 1
fi

echo "# Azure Configuration (from Azure CLI)"
echo "# Generated on: $(date)"

# Get Azure Subscription ID
echo "# Azure Subscription ID"
SUBSCRIPTION_ID=$(az account show --query id -o tsv 2>/dev/null || echo "")
if [ -n "$SUBSCRIPTION_ID" ]; then
    echo "AZURE_SUBSCRIPTION_ID=$SUBSCRIPTION_ID"
else
    echo "# AZURE_SUBSCRIPTION_ID=<not-available>"
fi

# Get Azure Tenant ID
echo "# Azure Tenant ID"
TENANT_ID=$(az account show --query tenantId -o tsv 2>/dev/null || echo "")
if [ -n "$TENANT_ID" ]; then
    echo "AZURE_TENANT_ID=$TENANT_ID"
else
    echo "# AZURE_TENANT_ID=<not-available>"
fi

# Get Azure Resource Group
echo "# Azure Resource Group (default or existing)"
RESOURCE_GROUP="${AZURE_RESOURCE_GROUP:-defi-oracle-mainnet-rg}"
# Check if it exists
if az group show --name "$RESOURCE_GROUP" &> /dev/null; then
    echo "AZURE_RESOURCE_GROUP=$RESOURCE_GROUP  # (exists)"
else
    # Try to find any matching resource group
    FOUND_RG=$(az group list --query "[?contains(name, 'defi-oracle')].name" -o tsv 2>/dev/null | head -n 1 || echo "")
    if [ -n "$FOUND_RG" ]; then
        echo "AZURE_RESOURCE_GROUP=$FOUND_RG  # (found existing)"
    else
        echo "AZURE_RESOURCE_GROUP=$RESOURCE_GROUP  # (will be created)"
    fi
fi

# Get Azure Location
echo "# Azure Location"
LOCATION=$(az account show --query location -o tsv 2>/dev/null || echo "westeurope")
echo "AZURE_LOCATION=${LOCATION:-westeurope}"

# Terraform Backend Configuration
echo "# Terraform Backend Configuration"
TFSTATE_RG="${ARM_RESOURCE_GROUP_NAME:-tfstate-rg}"
echo "# Storage account resource group: $TFSTATE_RG"

# Check for existing storage account
STORAGE_ACCOUNT=$(az storage account list --resource-group "$TFSTATE_RG" --query "[?contains(name, 'tfstate')].name" -o tsv 2>/dev/null | head -n 1 || echo "")

if [ -n "$STORAGE_ACCOUNT" ]; then
    echo "ARM_RESOURCE_GROUP_NAME=$TFSTATE_RG"
    echo "ARM_STORAGE_ACCOUNT_NAME=$STORAGE_ACCOUNT"
    echo "ARM_CONTAINER_NAME=tfstate"
    
    # Get access key
    ACCESS_KEY=$(az storage account keys list \
        --resource-group "$TFSTATE_RG" \
        --account-name "$STORAGE_ACCOUNT" \
        --query "[0].value" -o tsv 2>/dev/null || echo "")
    
    if [ -n "$ACCESS_KEY" ]; then
        echo "ARM_ACCESS_KEY=$ACCESS_KEY"
    else
        echo "# ARM_ACCESS_KEY=<get-manually>"
        echo "# Run: az storage account keys list --resource-group $TFSTATE_RG --account-name $STORAGE_ACCOUNT --query '[0].value' -o tsv"
    fi
else
    echo "# Terraform backend storage account not found"
    echo "# ARM_RESOURCE_GROUP_NAME=$TFSTATE_RG"
    echo "# ARM_STORAGE_ACCOUNT_NAME=<create-new-or-specify-existing>"
    echo "# ARM_CONTAINER_NAME=tfstate"
    echo "# ARM_ACCESS_KEY=<get-after-creating-storage-account>"
    echo "# To create storage account, run:"
    echo "#   ./scripts/deployment/populate-env.sh"
fi

# Cloudflare Configuration (manual)
echo "# Cloudflare Configuration (requires manual input)"
echo "# Get these from Cloudflare Dashboard:"
echo "#   - Zone ID: Dashboard > Your Domain > Overview > Zone ID"
echo "#   - API Token: Dashboard > My Profile > API Tokens > Create Token"
echo "# CLOUDFLARE_ZONE_ID=<your-zone-id>"
echo "# CLOUDFLARE_API_TOKEN=<your-api-token>"

# Service Principal (optional)
echo "# Azure Service Principal (optional - for CI/CD)"
echo "# If using service principal instead of interactive login:"
echo "# AZURE_CLIENT_ID=<service-principal-app-id>"
echo "# AZURE_CLIENT_SECRET=<service-principal-secret>"
echo "# (AZURE_TENANT_ID and AZURE_SUBSCRIPTION_ID are set above)"

# Contract Deployment (optional)
echo "# Contract Deployment (optional - set after infrastructure is deployed)"
echo "# RPC_URL=https://rpc.d-bis.org"
echo "# EXPLORER_URL=https://explorer.d-bis.org"
echo "# PRIVATE_KEY=<your-deployment-private-key>"

echo "# End of generated values"
echo "# Review and add to your .env file"