# Generate Kubernetes Secret and ConfigMap Templates for All Services
# 为所有微服务生成 Kubernetes Secret 和 ConfigMap 模板

param(
    [string]$OutputDir = "d:\coding-area\devops\helm\kubernetes-secrets",
    [string]$Namespace = "production"
)

# Service list
$services = @(
    'shop-recycle-account',
    'shop-recycle-agent-pc-web',
    'shop-recycle-async-web',
    'shop-recycle-customer-wechat-web',
    'shop-recycle-data-statistics',
    'shop-recycle-dealdata-service',
    'shop-recycle-dispatcher',
    'shop-recycle-erp-pc-web',
    'shop-recycle-gateway',
    'shop-recycle-gateway-out',
    'shop-recycle-gateway-out-upgrade',
    'shop-recycle-import-web',
    'shop-recycle-login-center',
    'shop-recycle-marketer-pc-web',
    'shop-recycle-merchant',
    'shop-recycle-merchant-pc-web',
    'shop-recycle-merchant-wechat-web',
    'shop-recycle-msg',
    'shop-recycle-order-center',
    'shop-recycle-order-search',
    'shop-recycle-oss-web',
    'shop-recycle-out-web',
    'shop-recycle-payment',
    'shop-recycle-payment-web',
    'shop-recycle-pis',
    'shop-recycle-platform',
    'shop-recycle-platform-pc-web',
    'shop-recycle-sche',
    'shop-recycle-store',
    'shop-recycle-store-pc-web',
    'shop-recycle-store-wechat-web',
    'shop-recycle-wechat',
    'shop-recycle-wechat-web',
    'shop-recycle-ws-web'
)

$basePath = "d:\coding-area\devops\helm\conf"

# Create output directories
$secretsDir = "$OutputDir\secrets"
$configmapsDir = "$OutputDir\configmaps"

if (-not (Test-Path $secretsDir)) {
    New-Item -ItemType Directory -Path $secretsDir -Force | Out-Null
}
if (-not (Test-Path $configmapsDir)) {
    New-Item -ItemType Directory -Path $configmapsDir -Force | Out-Null
}

Write-Host "Generating Kubernetes Secret and ConfigMap templates..." -ForegroundColor Cyan
Write-Host "Output Directory: $OutputDir" -ForegroundColor Yellow
Write-Host ""

foreach ($service in $services) {
    $ymlPath = "$basePath\$service\conf\application.yml"
    
    if (Test-Path $ymlPath) {
        $content = Get-Content $ymlPath -Raw
        $lines = $content -split "`n"
        
        $secretData = @()
        $configData = @()
        
        foreach ($line in $lines) {
            if ($line.Trim() -eq '' -or $line.TrimStart().StartsWith('#')) {
                continue
            }
            
            $lower = $line.ToLower()
            
            # Determine if this is sensitive data
            $isSensitive = $false
            if ($lower -match 'password|secret|key|token|username|user|credential|auth|api-key|app-id|app-secret') {
                $isSensitive = $true
            }
            
            # Skip password/secret values that are null or empty
            if ($lower -match ':\s*null|:\s*""\s*$|:\s*$') {
                continue
            }
            
            $fieldName = ($line -split ':')[0].Trim()
            $fieldValue = ($line -split ':', 2)[1].Trim() -replace '"', '' -replace "'", ""
            
            if ($isSensitive) {
                if ($fieldValue -and $fieldValue -ne 'null') {
                    $secretData += "  $fieldName" + ": `"" + '${' + $fieldName.ToUpper().Replace('.', '_').Replace('-', '_') + "}`""
                }
            } else {
                if ($fieldValue -and $fieldValue -ne 'null') {
                    $configData += "  $fieldName" + ": `"$fieldValue`""
                }
            }
        }
        
        # Generate Secret YAML
        $secretYaml = @"
apiVersion: v1
kind: Secret
metadata:
  name: $service-secret
  namespace: $Namespace
type: Opaque
stringData:
"@
        
        if ($secretData.Count -gt 0) {
            $secretYaml += "`n" + ($secretData -join "`n")
        } else {
            $secretYaml += "`n  # No sensitive data found or all values are empty"
        }
        
        # Generate ConfigMap YAML
        $configYaml = @"
apiVersion: v1
kind: ConfigMap
metadata:
  name: $service-configmap
  namespace: $Namespace
data:
"@
        
        if ($configData.Count -gt 0) {
            $configYaml += "`n" + ($configData -join "`n")
        } else {
            $configYaml += "`n  # No non-sensitive configuration data found"
        }
        
        # Write files
        $secretFile = "$secretsDir\$service-secret.yaml"
        $configFile = "$configmapsDir\$service-configmap.yaml"
        
        $secretYaml | Out-File -FilePath $secretFile -Encoding UTF8
        $configYaml | Out-File -FilePath $configFile -Encoding UTF8
        
        Write-Host "Generated: $service" -ForegroundColor Green
        Write-Host "  Secret: $($secretData.Count) fields -> $secretFile"
        Write-Host "  ConfigMap: $($configData.Count) fields -> $configFile"
        Write-Host ""
    }
}

# Create apply script
$applyScript = @"
#!/bin/bash
# Apply all Secrets and ConfigMaps to Kubernetes

echo "Applying Secrets..."
kubectl apply -f $secretsDir -n $Namespace

echo "Applying ConfigMaps..."
kubectl apply -f $configmapsDir -n $Namespace

echo "Verification:"
kubectl get secrets -n $Namespace | grep -E 'shop-recycle.*-secret'
kubectl get configmaps -n $Namespace | grep -E 'shop-recycle.*-configmap'

echo "Done!"
"@

$applyScript | Out-File -FilePath "$OutputDir\apply-secrets.sh" -Encoding UTF8

Write-Host "========== SUMMARY ==========" -ForegroundColor Cyan
Write-Host "Total services processed: $($services.Count)"
Write-Host "Secrets directory: $secretsDir"
Write-Host "ConfigMaps directory: $configmapsDir"
Write-Host "Apply script: $OutputDir\apply-secrets.sh"
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Yellow
Write-Host "1. Review all generated YAML files"
Write-Host "2. Replace placeholder values with actual credentials"
Write-Host "3. Run: bash $OutputDir\apply-secrets.sh"
Write-Host ""