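#!/bin/bash
#
# Sets up the SSH private key used for Docker provider authentication.
# Run this before `terraform init` / `plan` / `apply`.
#
# Required environment:
#   VAULT_ROLE_ID    AppRole role ID used to log in to Vault
#   VAULT_SECRET_ID  AppRole secret ID used to log in to Vault
#
# Output:
#   .ssh/id_rsa (mode 600), relative to the current working directory.
#
# -e: stop on the first failing command.
# -u: treat an unset variable as an error instead of expanding to "".
# -o pipefail: a failing `vault` on the left of a pipe must fail the script;
#              with plain -e only the exit status of `jq` would be checked.
set -euo pipefail

# Fail early with a clear message if the AppRole credentials are missing.
# (${VAR:?msg} prints only the message, never the value.)
: "${VAULT_ROLE_ID:?VAULT_ROLE_ID must be set}"
: "${VAULT_SECRET_ID:?VAULT_SECRET_ID must be set}"

echo "Setting up SSH key for Docker provider..."

# Skip TLS verification for self-signed certificates.
# NOTE(security): with verification off the Vault server is not authenticated,
# so the AppRole credentials sent below and the private key received can be
# intercepted by anyone able to sit on the network path. Prefer trusting the
# self-signed CA explicitly (e.g. via VAULT_CACERT) and removing this line.
export VAULT_SKIP_VERIFY=1

# Login to Vault using AppRole.
# The secret ID is fed on stdin (`secret_id=-`) rather than on the command
# line, so it does not show up in the process list or in `set -x` traces.
# printf is a shell builtin and '%s' adds no trailing newline to the value.
echo "Authenticating to Vault with AppRole..."
VAULT_TOKEN=$(printf '%s' "${VAULT_SECRET_ID}" \
  | vault write -field=token auth/approle/login \
      role_id="${VAULT_ROLE_ID}" \
      secret_id=-)
export VAULT_TOKEN

# Fetch the key inside a subshell so the restrictive umask and the cleanup
# trap do not affect anything outside this step.
(
  # Everything created here is owner-only from the moment it exists; a
  # chmod after the write would leave a window where the key is readable
  # with the default umask.
  umask 077

  # Create .ssh directory if it doesn't exist.
  mkdir -p .ssh

  # Write to a temporary file next to the destination and rename it at the
  # end, so a failed fetch never truncates or corrupts an existing key.
  tmp_key=$(mktemp .ssh/id_rsa.XXXXXX)
  trap 'rm -f -- "${tmp_key}"' EXIT

  # Use -format=json to get the raw value and preserve newlines.
  # jq -e plus the select() makes a missing, null or empty "private-key"
  # field an error instead of writing the literal text "null" as the key.
  vault kv get -format=json secret/docker-ssh \
    | jq -er '.data.data["private-key"] | select(type == "string" and length > 0)' \
    > "${tmp_key}"

  # Ensure the key ends with a newline (kept from the original script;
  # jq -r already terminates its output, so this appends a blank line).
  echo "" >> "${tmp_key}"

  # Set correct permissions explicitly, independent of mktemp's default.
  chmod 600 "${tmp_key}"

  mv -f -- "${tmp_key}" .ssh/id_rsa
)

echo "SSH key setup complete"
# Only size and line count are reported; the key material is never printed.
echo "Key file size: $(wc -c < .ssh/id_rsa) bytes"
echo "Key file lines: $(wc -l < .ssh/id_rsa) lines"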