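#!/bin/bash
# Container entrypoint: hands the AppRole credentials to Vault Agent, waits
# for the agent to render the admin and app credential files, exports their
# contents into the environment, then replaces itself with the container
# command.
#
# Required env: VAULT_ROLE_ID, VAULT_SECRET_ID
# Arguments:    the command (and its arguments) to exec once credentials load
set -e

# Fail fast with a clear message instead of writing empty credential files
# and then waiting forever for an agent that cannot authenticate.
: "${VAULT_ROLE_ID:?VAULT_ROLE_ID must be set}"
: "${VAULT_SECRET_ID:?VAULT_SECRET_ID must be set}"

#######################################
# Block until a marker file exists, aborting if Vault Agent has exited.
# Globals:   AGENT_PID (read)
# Arguments: $1 - path of the marker file to wait for
# Returns:   0 once the marker exists; exits 1 if the agent is gone
#######################################
wait_for_marker() {
  local marker=$1
  while [ ! -f "$marker" ]; do
    # Without this check a crashed agent leaves the container hanging here
    # indefinitely with no indication of what went wrong.
    if ! kill -0 "$AGENT_PID" 2>/dev/null; then
      echo "Vault Agent exited before $marker was created" >&2
      exit 1
    fi
    sleep 1
  done
}

# 1. Bridge env vars to files for the agent
#    (The agent is configured to read from these paths)
echo "Writing AppRole creds to files..."
(
  # Create the credential files owner-only. The subshell keeps the tightened
  # umask from leaking into the agent or the final command.
  umask 077
  # printf '%s' writes the value verbatim; echo -n can mangle values that
  # start with '-' or contain backslashes.
  printf '%s' "$VAULT_ROLE_ID" > /vault/secrets/role_id
  printf '%s' "$VAULT_SECRET_ID" > /vault/secrets/secret_id
)
# umask only applies to newly created files; tighten pre-existing ones too.
chmod 600 /vault/secrets/role_id /vault/secrets/secret_id

# 2. Start the Vault Agent in the background
# NOTE(review): debug logging is verbose; confirm it is intended outside of
# development and that the container log sink is appropriately restricted.
echo "Starting Vault Agent..."
vault agent -config=/etc/vault/agent-config.hcl -log-level=debug &
AGENT_PID=$!

# 3. Wait for BOTH secret files to be rendered
# NOTE(review): if /vault/secrets persists across restarts, markers left by a
# previous run would satisfy these waits immediately - confirm the volume is
# ephemeral or that the markers are cleared elsewhere.
echo "Waiting for admin credentials..."
wait_for_marker /vault/secrets/.admin-ready
echo "Admin credentials ready."

echo "Waiting for app credentials..."
wait_for_marker /vault/secrets/.app-ready
echo "App credentials ready."

# 4. Source the credentials into the environment
# The .env files are executed as shell code, so the agent templates that
# render them must emit properly quoted assignments; a secret value holding
# shell metacharacters would otherwise be interpreted here.
echo "Sourcing credentials..."
set -a # Automatically export all variables
. /vault/secrets/admin.env
. /vault/secrets/app.env
set +a

# 5. Execute the main container command (e.g., setup.sh or daphne)
# NOTE(review): VAULT_ROLE_ID and VAULT_SECRET_ID remain exported to the
# command below; consider unsetting them here if it does not need them.
# "$*" joins the arguments for display; "$@" inside a larger string splits
# the message into several words (ShellCheck SC2145).
echo "Executing command: $*"
exec "$@"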