#!/bin/bash
set -euo pipefail

# Seed env2's single test site with Akka and gRPC addresses.
# Run after deploy.sh once the env2 central cluster is healthy.
#
# Prerequisites:
#   - Infrastructure services running (infra/docker-compose up -d)
#   - Env2 application containers running (docker-env2/deploy.sh)
#   - Env2 central cluster healthy (curl http://localhost:9100/health/ready)
#
# Usage:
#   docker-env2/seed-sites.sh

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
CLI="dotnet run --project $PROJECT_ROOT/src/ScadaLink.CLI --"
AUTH="--username multi-role --password password"
URL="--url http://localhost:9100"

echo "=== Seeding ScadaLink Env2 Sites ==="

echo ""
echo "Creating Site-X (Env2 Site X)..."
$CLI $URL $AUTH site create \
    --name "Env2 Site X" \
    --identifier "site-x" \
    --description "Env2 test site - two-node cluster" \
    --node-a-address "akka.tcp://scadalink@scadalink-env2-site-x-a:8082" \
    --node-b-address "akka.tcp://scadalink@scadalink-env2-site-x-b:8082" \
    --grpc-node-a-address "http://scadalink-env2-site-x-a:8083" \
    --grpc-node-b-address "http://scadalink-env2-site-x-b:8083" \
|| echo "  (Site-X may already exist)"

echo ""
echo "Seeding LDAP group mappings (Design + Deployment)..."
# SecurityConfiguration.HasData declares 4 mappings but the InitialSchema
# migration only inserts the Admin row, so a fresh ScadaLinkConfig2 starts
# with multi-role getting Admin only -- no Design and no Deployment access.
# Insert the missing three idempotently. (Same divergence exists on the
# primary, but primary's database has the rows from earlier history.)
docker exec -i scadalink-mssql /opt/mssql-tools18/bin/sqlcmd \
    -S localhost -U sa -P 'ScadaLink_Dev1#' -C \
    -d ScadaLinkConfig2 -Q "
SET IDENTITY_INSERT LdapGroupMappings ON;
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 2)
    INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (2, 'SCADA-Designers', 'Design');
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 3)
    INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (3, 'SCADA-Deploy-All', 'Deployment');
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 4)
    INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (4, 'SCADA-Deploy-SiteA', 'Deployment');
SET IDENTITY_INSERT LdapGroupMappings OFF;
"

echo ""
echo "=== Env2 site seeding complete ==="
echo ""
echo "Verify with: $CLI $URL $AUTH site list"
echo "Multi-role test user now has Admin + Design + Deployment in env2."
echo "Sign out and back in to refresh session role claims."