import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.Vault;

initscript {
  repositories {
    mavenCentral()
  }
  dependencies {
    classpath 'com.bettercloud:vault-java-driver:4.1.0'
  }
}

boolean USE_ARTIFACTORY = false

if (System.getenv('VAULT_ADDR') == null) {
  throw new GradleException("You must set the VAULT_ADDR environment variable to use this init script.")
}

if (System.getenv('VAULT_ROLE_ID') == null && System.getenv('VAULT_SECRET_ID') == null && System.getenv('VAULT_TOKEN') == null) {
  throw new GradleException("You must set either the VAULT_ROLE_ID and VAULT_SECRET_ID environment variables, " +
    "or the VAULT_TOKEN environment variable to use this init script.")
}

final String vaultToken = System.getenv('VAULT_TOKEN') ?: new Vault(
  new VaultConfig()
    .address(System.env.VAULT_ADDR)
    .engineVersion(1)
    .build()
)
  .withRetries(5, 1000)
  .auth()
  .loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID)
  .getAuthClientToken();

final Vault vault = new Vault(
  new VaultConfig()
    .address(System.env.VAULT_ADDR)
    .engineVersion(1)
    .token(vaultToken)
    .build()
)
  .withRetries(5, 1000)


if (USE_ARTIFACTORY) {
  final Map<String, String> artifactoryCredentials = vault.logical()
    .read("secret/elasticsearch-ci/artifactory.elstc.co")
    .getData();
  logger.info("Using elastic artifactory repos")
  Closure configCache = {
    return {
      name "artifactory-gradle-release"
      url "https://artifactory.elstc.co/artifactory/gradle-release"
      credentials {
        username artifactoryCredentials.get("username")
        password artifactoryCredentials.get("token")
      }
    }
  }
  settingsEvaluated { settings ->
    settings.pluginManagement {
      repositories {
        maven configCache()
      }
    }
  }
  projectsLoaded {
    allprojects {
      buildscript {
        repositories {
          maven configCache()
        }
      }
      repositories {
        maven configCache()
      }
    }
  }
}

projectsLoaded {
  rootProject {
    project.pluginManager.withPlugin('com.gradle.build-scan') {
      buildScan.server = 'https://gradle-enterprise.elastic.co'
    }
  }
}


final String buildCacheUrl = System.getProperty('org.elasticsearch.build.cache.url')
final boolean buildCachePush = Boolean.valueOf(System.getProperty('org.elasticsearch.build.cache.push', 'false'))

if (buildCacheUrl) {
  final Map<String, String> buildCacheCredentials = vault.logical()
    .read("secret/elasticsearch-ci/gradle-build-cache")
    .getData();
  gradle.settingsEvaluated { settings ->
    settings.buildCache {
      local {
        // Disable the local build cache in CI since we use ephemeral workers and it incurs an IO penalty
        enabled = false
      }
      remote(HttpBuildCache) {
        url = buildCacheUrl
        push = buildCachePush
        credentials {
          username = buildCacheCredentials.get("username")
          password = buildCacheCredentials.get("password")
        }
      }
    }
  }
}