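#!/bin/bash
#
# Provision an encrypted EFS file system for an EKS cluster and expose it to
# the cluster's nodes over NFS.
#
# Steps:
#   1. Read the cluster's VPC, subnets and cluster security group from EKS.
#   2. Create (or reuse) a dedicated security group for EFS and allow NFS
#      (TCP 2049) into it only from the EKS cluster security group.
#   3. Create the EFS file system and wait until it is AVAILABLE.
#   4. Create one mount target per Availability Zone used by the subnets.
#
# Required env: EKS_CLUSTER_NAME  - name of the target EKS cluster
# Requires an AWS CLI identity with eks:DescribeCluster, ec2:Describe*/
# CreateSecurityGroup/CreateTags/AuthorizeSecurityGroupIngress and
# efs:CreateFileSystem/DescribeFileSystems/CreateMountTarget in REGION.
set -euo pipefail

# Fail fast with a clear message instead of an opaque `set -u` error when the
# cluster name is missing.
: "${EKS_CLUSTER_NAME:?EKS_CLUSTER_NAME must be set to the target EKS cluster name}"
readonly CLUSTER_NAME=$EKS_CLUSTER_NAME
readonly REGION="us-east-1"
readonly SG_NAME="efs-sg-$CLUSTER_NAME"
readonly NFS_PORT=2049
# Provisioned throughput is billed whether or not it is used; tune per cluster.
readonly EFS_THROUGHPUT_MIBPS=100
# Upper bound on the wait for the file system to become AVAILABLE.
readonly WAIT_INTERVAL=10
readonly WAIT_MAX_ATTEMPTS=60

#######################################
# Print an error to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

printf '%s\n' "Fetching cluster info..."

# One describe-cluster call yields VPC id, cluster SG and the subnet list
# (subnet IDs joined with spaces so they land in a single text column).
IFS=$'\t' read -r VPC_ID CLUSTER_SG SUBNET_LIST < <(aws eks describe-cluster \
  --name "$CLUSTER_NAME" \
  --region "$REGION" \
  --query "cluster.resourcesVpcConfig.[vpcId, clusterSecurityGroupId, join(' ', subnetIds)]" \
  --output text)
[[ -n "$VPC_ID" && "$VPC_ID" != "None" ]] || die "could not determine VPC for cluster $CLUSTER_NAME"
[[ -n "$CLUSTER_SG" && "$CLUSTER_SG" != "None" ]] || die "could not determine cluster security group for $CLUSTER_NAME"
read -r -a SUBNET_IDS <<<"$SUBNET_LIST"
(( ${#SUBNET_IDS[@]} > 0 )) || die "cluster $CLUSTER_NAME has no subnets"

printf '%s\n' "Creating security group for EFS (if not exists)..."

# Reuse an existing group with the same name in this VPC so the script can be
# re-run; create-security-group itself fails on a duplicate name.
SG_ID=$(aws ec2 describe-security-groups \
  --region "$REGION" \
  --filters "Name=vpc-id,Values=$VPC_ID" "Name=group-name,Values=$SG_NAME" \
  --query "SecurityGroups[0].GroupId" \
  --output text)
if [[ -z "$SG_ID" || "$SG_ID" == "None" ]]; then
  SG_ID=$(aws ec2 create-security-group \
    --group-name "$SG_NAME" \
    --description "Security group for EFS" \
    --vpc-id "$VPC_ID" \
    --region "$REGION" \
    --query "GroupId" \
    --output text)
  # Tag SG properly
  aws ec2 create-tags \
    --resources "$SG_ID" \
    --tags Key=Name,Value="$SG_NAME" \
    --region "$REGION"
else
  printf 'Reusing existing security group %s\n' "$SG_ID"
fi

# Allow NFS traffic from the EKS cluster SG to this SG. Source is the cluster
# SG, not a CIDR, so only cluster members can reach the file system. Skip the
# authorize call when the rule is already present (it would fail on duplicate).
ALLOWED_SOURCES=$(aws ec2 describe-security-groups \
  --group-ids "$SG_ID" \
  --region "$REGION" \
  --query "SecurityGroups[0].IpPermissions[?IpProtocol=='tcp' && FromPort==\`$NFS_PORT\` && ToPort==\`$NFS_PORT\`].UserIdGroupPairs[].GroupId" \
  --output text)
read -r -a ALLOWED_ARR <<<"$ALLOWED_SOURCES"
rule_present=0
for src in "${ALLOWED_ARR[@]}"; do
  if [[ "$src" == "$CLUSTER_SG" ]]; then
    rule_present=1
  fi
done
if (( rule_present == 0 )); then
  aws ec2 authorize-security-group-ingress \
    --group-id "$SG_ID" \
    --protocol tcp \
    --port "$NFS_PORT" \
    --source-group "$CLUSTER_SG" \
    --region "$REGION"
fi

printf '%s\n' "Creating EFS file system..."

# --encrypted enables encryption at rest with the AWS-managed EFS key; pass
# --kms-key-id here if a customer-managed key is required.
EFS_ID=$(aws efs create-file-system \
  --creation-token "$CLUSTER_NAME-efs" \
  --performance-mode generalPurpose \
  --throughput-mode provisioned \
  --provisioned-throughput-in-mibps "$EFS_THROUGHPUT_MIBPS" \
  --encrypted \
  --region "$REGION" \
  --tags Key=Name,Value="$CLUSTER_NAME-efs" \
  --query "FileSystemId" \
  --output text)
printf 'File system created: %s\n' "$EFS_ID"
export EFS_ID

# Wait for file system to be AVAILABLE, but give up after a bounded number
# of polls so a stuck file system cannot hang the script forever.
printf '%s\n' "Waiting for EFS to become AVAILABLE..."
attempt=0
while :; do
  STATE=$(aws efs describe-file-systems \
    --file-system-id "$EFS_ID" \
    --region "$REGION" \
    --query "FileSystems[0].LifeCycleState" \
    --output text)
  if [[ "$STATE" == "available" ]]; then
    printf '%s\n' "EFS is AVAILABLE"
    break
  fi
  attempt=$((attempt + 1))
  if (( attempt >= WAIT_MAX_ATTEMPTS )); then
    die "EFS $EFS_ID still in state '$STATE' after $((WAIT_MAX_ATTEMPTS * WAIT_INTERVAL))s"
  fi
  printf 'Current EFS state: %s. Sleeping %ss...\n' "$STATE" "$WAIT_INTERVAL"
  sleep "$WAIT_INTERVAL"
done

printf '%s\n' "Creating mount targets in unique AZs..."

# EFS allows a single mount target per AZ, so track the AZs already covered.
# One describe-subnets call resolves every subnet's AZ instead of one call per
# subnet; each output line is "<subnet-id>\t<az>".
declare -A AZ_MOUNT_CREATED=()
while IFS=$'\t' read -r subnet AZ; do
  [[ -n "$subnet" ]] || continue
  if [[ -n "${AZ_MOUNT_CREATED[$AZ]:-}" ]]; then
    printf 'Skipping subnet %s (AZ %s already has a mount target)\n' "$subnet" "$AZ"
    continue
  fi
  printf 'Creating mount target in subnet %s (AZ %s)...\n' "$subnet" "$AZ"
  aws efs create-mount-target \
    --file-system-id "$EFS_ID" \
    --subnet-id "$subnet" \
    --security-groups "$SG_ID" \
    --region "$REGION"
  AZ_MOUNT_CREATED[$AZ]=1
done < <(aws ec2 describe-subnets \
  --subnet-ids "${SUBNET_IDS[@]}" \
  --region "$REGION" \
  --query "Subnets[].[SubnetId,AvailabilityZone]" \
  --output text)

printf '%s\n' "✅ EFS setup completed!"
printf '👉 File System ID: %s\n' "$EFS_ID"
printf '%s\n' "Update the StorageClass and PVC files with this EFS ID"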