#!/usr/bin/env bash

me=$(basename "$0")
usage="Usage: $me [FILE]

Given a secrets YAML manifest, convert each secret value to base64
"

if [ $# -ne 1 ]; then
    echo "$usage"
    exit 1
fi

if ! [ -x "$(command -v yq)" ]; then
    echo 'Error: yq is not installed.' >&2
    exit 1
fi

file=$1
if [ ! -f "$file" ]; then
    echo "No such file: $file"
    exit 1
fi

# Read the YAML file
map=$(yq eval '.' "$file")

# Check if 'data' key exists
if ! yq eval '.data' "$file" > /dev/null 2>&1; then
    echo "The YAML file does not contain a 'data' key"
    exit 1
fi

# Get the 'data' object
data=$(yq eval '.data' "$file")

# For each key in the 'data' object
while IFS= read -r key; do
    # Base64 encode the value
    value=$(echo -n "$(yq eval ".${key}" <<< "$data")" | base64)
    # Update the 'data' object with the new value
    data=$(yq eval ".${key} = \"${value}\"" <<< "$data")
done <<< "$(yq eval '.data | keys | .[]' <<< "$map")"

# Update the YAML with the new 'data' object
map=$(yq eval ".data = \"${data}\"" <<< "$map")

# Print the new YAML
echo "$map"