#!/bin/bash
set -ex

# This script is used to configure instance so that it works as expected in US isolated regions.
# The script supports the configuration for Amazon Linux 2 only.
# Furthermore, the script fails if the provided region is not a US isolated region.
#
# Usage:   ./patch-iso-instance.sh
# Example: ./patch-iso-instance.sh

function get_instance_region {
  local _token=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 3600")
  curl -H "X-aws-ec2-metadata-token: $_token" -v "http://169.254.169.254/latest/meta-data/placement/region" 2> /dev/null
}

REGION="$(get_instance_region)"

[[ ${REGION} != us-iso* ]] && echo "[ERROR] The specified region '${REGION}' is not a US isolated region" && exit 1

source /etc/os-release
OS="${ID}${VERSION_ID}"
[[ "${OS}" != "amzn2" ]] && echo "[ERROR] Unsupported OS '${OS}'. Configuration supported only on Amazon Linux 2." && exit 1

echo "[INFO] Starting: instance configuration for US isolated region"

echo "[INFO] Starting: installation of packages from amazon Linux 2 repository for US isolated region"

REPOSITORY_DEFINITION_FILE="/etc/yum.repos.d/tmp-amzn2-iso.repo"

cat > ${REPOSITORY_DEFINITION_FILE} <<REPO_DEFINITION
[amzn2-iso]
name=Amazon Linux 2 isolated region repository
mirrorlist=http://amazonlinux.\$awsregion.\$awsdomain/\$releasever/core-\$awsregion/latest/\$basearch/mirror.list
priority=9
gpgcheck=0
enabled=1
metadata_expire=300
mirrorlist_expire=300
report_instanceid=yes
REPO_DEFINITION

yum --disablerepo="*" --enablerepo="amzn2-iso" install -y "*-${REGION}"
rm -f ${REPOSITORY_DEFINITION_FILE}

echo "[INFO] Complete: installation of packages from amazon Linux 2 repository for US isolated region"

echo "[INFO] Starting: CA bundle configuration for AWS CLI in US isolated region"

USERS=(<%= @users %>)
CA_BUNDLE="/etc/pki/${REGION}/certs/ca-bundle.pem"

for user in "${USERS[@]}"; do
  echo "[INFO] Setting CA bundle ${CA_BUNDLE} for user ${user}"
  sudo mkhomedir_helper $user
  sudo -u $user aws configure set ca_bundle "$CA_BUNDLE"
done

echo "[INFO] Complete: CA bundle configuration for AWS CLI in US isolated region"

echo "[INFO] Starting: Setting system-wide environment variables for AWS CLI in US isolated region"

echo "export AWS_DEFAULT_REGION=${REGION}" >> /etc/profile.d/aws-cli-default-config.sh

echo "Defaults env_keep += \"AWS_DEFAULT_REGION AWS_CA_BUNDLE\"" > /etc/sudoers.d/pcluster-aws-cli-envkeep

echo "[INFO] Complete: Setting system-wide environment variables for AWS CLI in US isolated region"

echo "[INFO] Complete: instance configuration for US isolated region"