#!/usr/bin/env bash

# Microsoft Azure Linux Agent
#
# Copyright 2018 Microsoft Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#
# Script adds cron job on reboot to make sure iptables rules are added to allow access to Wireserver and also, enable the firewall config flag
#
set -eao pipefail

if [[ $# -ne 1 ]]; then
    echo "Usage: agent_persist_firewall-test_setup <test-user>"
    exit 1
fi


# crontab and ping are not installed on some distros, e.g. Ubuntu Minimal
if ! command -v crontab; then
    echo "crontab is not available. Installing cron."
    apt-get update
    apt-get install -y cron
fi
if ! command -v ping; then
    echo "ping is not available. Installing iputils-ping."
    apt-get update
    apt-get install -y iputils-ping
fi

echo "Creating cron jobs to access Wireserver on reboot"
set -x  # echo the commands used to set up the cron jobs
(
    echo "@reboot /home/$1/bin/agent_persist_firewall-access_wireserver $1 > /tmp/reboot-cron-root.log 2>&1" | crontab -u root -
    echo "@reboot /home/$1/bin/agent_persist_firewall-access_wireserver $1 > /tmp/reboot-cron-$1.log 2>&1" | crontab -u $1 -
) 2>&1
set +x

echo "Enabling firewall in waagent.conf"
update-waagent-conf OS.EnableFirewall=y
