#!/usr/bin/env bash

# Try to read telemetry and certs config from ConfigDB.
# Use default value if no valid config exists
X509=`sonic-cfggen -d -v "DEVICE_METADATA['x509']"`
gnmi=`sonic-cfggen -d -v "TELEMETRY['gnmi']"`
certs=`sonic-cfggen -d -v "TELEMETRY['certs']"`

TELEMETRY_ARGS=" -logtostderr"
export CVL_SCHEMA_PATH=/usr/sbin/schema

if [ -n "$certs" ]; then
    SERVER_CRT=`sonic-cfggen -d -v "TELEMETRY['certs']['server_crt']"`
    SERVER_KEY=`sonic-cfggen -d -v "TELEMETRY['certs']['server_key']"`
    if [ -z $SERVER_CRT  ] || [ -z $SERVER_KEY  ]; then
        TELEMETRY_ARGS+=" --insecure"
    else
        TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
    fi

    CA_CRT=`sonic-cfggen -d -v "TELEMETRY['certs']['ca_crt']"`
    if [ ! -z $CA_CRT ]; then
        TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
    fi
elif [ -n "$X509" ]; then
    SERVER_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']"`
    SERVER_KEY=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']"`
    if [ -z $SERVER_CRT  ] || [ -z $SERVER_KEY  ]; then
        TELEMETRY_ARGS+=" --insecure"
    else
        TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
    fi

    CA_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['ca_crt']"`
    if [ ! -z $CA_CRT ]; then
        TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
    fi
else
    TELEMETRY_ARGS+=" --insecure"
fi

# If no configuration entry exists for TELEMETRY, create one default port
if [ -z "$gnmi" ]; then
    sonic-db-cli CONFIG_DB hset "TELEMETRY|gnmi" port 8080
fi

PORT=`sonic-cfggen -d -v "TELEMETRY['gnmi']['port']"`
TELEMETRY_ARGS+=" --port $PORT"

CLIENT_AUTH=`sonic-cfggen -d -v "TELEMETRY['gnmi']['client_auth']"`
if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then
    TELEMETRY_ARGS+=" --allow_no_client_auth"
fi

LOG_LEVEL=`sonic-cfggen -d -v "TELEMETRY['gnmi']['log_level']"`
if [ ! -z $LOG_LEVEL ]; then
    TELEMETRY_ARGS+=" -v=$LOG_LEVEL"
else
    TELEMETRY_ARGS+=" -v=2"
fi

exec /usr/sbin/telemetry ${TELEMETRY_ARGS}