#!/bin/bash

# Ensure a secret name is provided
if [ -z "$1" ]; then
  echo "Usage: $0 <onepassword-secret-name>"
  exit 1
fi

# Set the secret name
SECRET_NAME=$1

# Check if 1Password CLI is installed
if ! command -v op &> /dev/null; then
  echo "1Password CLI (op) could not be found. Please install it first."
  exit 1
fi

# Sign in to 1Password (ensure OP_SESSION_myaccount is set in the environment)
if [ -z "$OP_SESSION_myaccount" ]; then
  eval $(op signin my)
fi

# Retrieve the admin password from 1Password
ADMIN_PASSWORD=$(op read "op://Personal/$SECRET_NAME/password")

if [ -z "$ADMIN_PASSWORD" ]; then
  echo "Failed to retrieve the admin password from 1Password."
  exit 1
fi

# Generate bcrypt hash of the password
HASHED_PASSWORD=$(htpasswd -nbBC 10 "" "$ADMIN_PASSWORD" | tr -d ':\n' | sed 's/$2y/$2a/')

# Create the Kubernetes secret
kubectl create secret generic argocd-secret \
  --from-literal=admin.password=$HASHED_PASSWORD \
  -n argocd

echo "ArgoCD admin password secret created successfully."