#!/usr/bin/env bash

function gitops_cluster_help() {
  [[ -n "$1" ]] && echo_warning "$1"
  reset_colors
  cat << EOM
Usage:
  mas gitops-cluster [options]
Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
When no options are specified on the command line, interactive-mode will be enabled by default.

Basic Configuration (Required):
  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account ID
  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
      --custom-labels ${COLOR_YELLOW}CUSTOM_LABELS${TEXT_RESET}    Custom Labels definition in dict format

AWS Secrets Manager Configuration (Required):
      --sm-aws-secret-region ${COLOR_YELLOW}SM_AWS_REGION${TEXT_RESET}                Region of the AWS Secrets Manager to use
      --sm-aws-access-key ${COLOR_YELLOW}SM_AWS_ACCESS_KEY_ID${TEXT_RESET}            Your AWS Access Key ID
      --sm-aws-secret-key ${COLOR_YELLOW}SM_AWS_SECRET_ACCESS_KEY${TEXT_RESET}        Your AWS Secret Key
      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                         Secrets Manager path
      --skip-aws-secret-creation ${COLOR_YELLOW}SKIP_AWS_SECRET_CREATION${TEXT_RESET} If set, cluster AWS secret will be verified but not created. For use when cluster AWS secret is managed by some other configuration mechanism (e.g. Terraform).

IBM Container Registry Entitlement (Required):
      --icr-username ${COLOR_YELLOW}ICR_USERNAME${TEXT_RESET}  Username to authenticate with IBM Container Registry (defaults to 'cp')
      --icr-password ${COLOR_YELLOW}ICR_PASSWORD${TEXT_RESET}  Provide your IBM entitlement key used for access to the IBM Container Registry

Target Cluster (Optional):
      --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET}       Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc')

Operator Catalog (Optional):
      --catalog-version ${COLOR_YELLOW}MAS_CATALOG_VERSION${TEXT_RESET}   Set the version of IBM Maximo Operator Catalog (defaults to 'v8-240130-amd64')
      --catalog-image ${COLOR_YELLOW}MAS_CATALOG_IMAGE${TEXT_RESET}       Container image to use for IBM Maximo Operator Catalog (defaults to 'icr.io/cpopen/ibm-maximo-operator-catalog')
      --catalog-action ${COLOR_YELLOW}MAS_CATALOG_ACTION${TEXT_RESET}     Action to take for IBM Maximo Operator Catalog ('install', 'update' or 'none'. Default is 'install')

Redhat Cert Manager (Optional):
      --install-redhat-cert-manager ${COLOR_YELLOW}INSTALL_REDHAT_CERT_MANAGER${TEXT_RESET}                                      Install RedHat Cert Manager (default to true)  
      --redhat-cert-manager-install-plan ${COLOR_YELLOW}REDHAT_CERT_MANAGER_INSTALL_PLAN${TEXT_RESET}                            Set Redhat Cert manager subscription install plan approval ('Automatic' or 'Manual'. Default is 'Automatic')

IBM CIS Cert Manager:
      --dns-provider ${COLOR_YELLOW}DNS_PROVIDER${TEXT_RESET}                         DNS Provider, Currently supported CIS (Akamai support inprogress)
      --ingress ${COLOR_YELLOW}INGRESS${TEXT_RESET}                                   true/false, If true, ingress-controller for cis-proxy will be configured

Custom Cluster Service Accounts (Optional):
      --custom_sa_namespace ${COLOR_YELLOW}CUSTOM_SA_NAMESPACE${TEXT_RESET}   Namespace to create the Service Account(s) in
      --custom_sa_details ${COLOR_YELLOW}CUSTOM_SA_DETAILS${TEXT_RESET}       Comma delimited list of key:value pairs where the key is the Service Account name and the value is the Cluster Role ('serviceaccount1:cluster-admin,serviceaccount2:cluster-reader')

Automatic GitHub Push (Optional):
  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}         Enable automatic push to GitHub
  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}         GitHub Hostname for your GitOps repository
  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}           Github org for your GitOps repository
  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}         Github repo for your GitOps repository
  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}              Git ssh key path
  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}           Git branch to commit to of your GitOps repository
  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}   Git commit message to use when committing to of your GitOps repository

Cluster Promotion (Optional):
      --cluster-promotion ${COLOR_YELLOW}CLUSTER_PROMOTION${TEXT_RESET}                                         Enable cluster promotion processing
      --cluster-promotion-target-github-pat ${COLOR_YELLOW}CLUSTER_PROMOTION_TARGET_GITHUB_PAT${TEXT_RESET}     The github PAT to use when commiting the change to the target promotion repo
      --cluster-promotion-target-github-host ${COLOR_YELLOW}CLUSTER_PROMOTION_TARGET_GITHUB_HOST${TEXT_RESET}   The github host to use when commiting the change to the target promotion repo
      --cluster-promotion-target-github-repo ${COLOR_YELLOW}CLUSTER_PROMOTION_TARGET_GITHUB_REPO${TEXT_RESET}   The github repo to use when commiting the change to the target promotion repo
      --cluster-promotion-target-github-org ${COLOR_YELLOW}CLUSTER_PROMOTION_TARGET_GITHUB_ORG${TEXT_RESET}     The github org to use when commiting the change to the target promotion repo
      --cluster-promotion-target-github-path ${COLOR_YELLOW}CLUSTER_PROMOTION_TARGET_GITHUB_PATH${TEXT_RESET}   The path in the github target repo to update under when commiting the change to the target promotion repo
      --cluster-promotion-target-git-branch ${COLOR_YELLOW}CLUSTER_PROMOTION_TARGET_GIT_BRANCH${TEXT_RESET}     The git branch to use when commiting the change to the target promotion repo
      --cluster-promotion-create-target-pr ${COLOR_YELLOW}CLUSTER_PROMOTION_CREATE_TARGET_PR${TEXT_RESET}       Create a PR to the CLUSTER_PROMOTION_TARGET_GIT_BRANCH branch instead of commiting directly to it.
      --cluster-promotion-target-pr-title ${COLOR_YELLOW}CLUSTER_PROMOTION_TARGET_PR_TITLE${TEXT_RESET}         The title of the PR if a PR is to be created
      --cluster-promotion-cluster-values ${COLOR_YELLOW}CLUSTER_PROMOTION_CLUSTER_VALUES${TEXT_RESET}           A list of values in json format to update in the target git repo.

DevOps Details (Optional):
      --devops-build-number ${COLOR_YELLOW}DEVOPS_BUILD_NUMBER${TEXT_RESET}                                     The build number to associate with the junitreporter for each argocd app sync
      --devops-mongo-uri ${COLOR_YELLOW}DEVOPS_MONGO_URI${TEXT_RESET}                                           The Mongo uri used by the junitreporter to store test/run records

Notifications (Optional):
      --slack-channel-id ${COLOR_YELLOW}SLACK_CHANNEL_ID${TEXT_RESET}                                           Slack channel for ArgoCD to notify when an app sync has completed or failed

Selenium Grid (Optional):
      --install-selenium-grid ${COLOR_YELLOW}INSTALL_SELENIUM_GRID${TEXT_RESET}                                 Install Selenium Grid

Group Sync Operator (Optional):
      --install-group-sync-operator ${COLOR_YELLOW}INSTALL_GROUP_SYNC_OPERATOR${TEXT_RESET}                     Install the Group Sync Operator

IBM RBAC (Optional):
      --install-ibm-rbac ${COLOR_YELLOW}INSTALL_IBM_RBAC${TEXT_RESET}                                           Install the IBM RBAC roles and role bindings

CrowdStrike Falcon Operator (Optional):
      --install-falcon-operator ${COLOR_YELLOW}INSTALL_FALCON_OPERATOR${TEXT_RESET}                             Install the CrowdStrike Falcon Operator

Cluster Logging Operator (Optional):
      --install-cluster-logging-operator ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_INSTALL${TEXT_RESET}                                           Install the Cluster Logging Operator
      --cluster-logging-operator-use-syslog-forwarder ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_USE_SYSLOG_FORWARDER${TEXT_RESET}                 Flag to use syslog forwarder in the ClusterLogForwarder
      --cluster-logging-operator-install-plan ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_INSTALL_PLAN${TEXT_RESET}                                 Install plan for the subscription of the Cluster Logging Operator
      --cluster-logging-operator-channel ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_CHANNEL${TEXT_RESET}                                           Channel for the subscription of the Cluster Logging Operator
      --cluster-logging-operator-setup-log-forwarding ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING${TEXT_RESET}                 Flag to setup the deployment for syslog forwarder
      --cluster-logging-operator-log-forwarder-client-url ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_LOG_FORWARDER_CLIENT_URL${TEXT_RESET}         The syslog forwarder client url for the DLC
      --cluster-logging-operator-syslog-forwarder-version ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_SYSLOG_FORWARDER_VERSION${TEXT_RESET}         Syslog forwarder image version
      --cluster-logging-operator-dlc-ca-bundle-file ${COLOR_YELLOW}CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE${TEXT_RESET}                     Location of file containing DLC CA Certificates

Instana Agent Operator (Optional):
      --install-instana-agent-operator ${COLOR_YELLOW}INSTANA_AGENT_OPERATOR_INSTALL${TEXT_RESET}               Install the Instana Agent Operator

MAS CLI Image (Optional):
      --mas-cli-image-repo ${COLOR_YELLOW}MAS_CLI_IMAGE_REPO{TEXT_RESET}               The repo that holds the MAS CLI image to be pulled in ArgoCD. Only needed if using a mirror registry, and not quay.io

Image Repository Mirror
      --image-repo-mirror          ${COLOR_YELLOW}IMAGE_REPO_MIRROR${TEXT_RESET}                 Setup an image repository mirror. Image pulls by digest from icr.io and cp.icr.io  will be redirected by OCP to a repository of your choosing (via an IDMS).
      --image-repo-mirror-host     ${COLOR_YELLOW}IMAGE_REPO_MIRROR_HOST${TEXT_RESET}            Host of image repository to direct pulls from icr.io and cp.icr.io to. E.g. ECR 012345678910.dkr.ecr.us-east-1.amazonaws.com
      --image-repo-mirror-prefix   ${COLOR_YELLOW}IMAGE_REPO_MIRROR_PREFIX${TEXT_RESET}          Prefix that will be added to the paths of any images referenced in the image repository mirror. E.g. "250701" will result in a pull of icr.io/myimage being redirected to IMAGE_REPO_MIRROR_HOST/250701/myimage.

Other Commands:
  -h, --help                              Show this help message
EOM

  [[ -n "$1" ]] && exit 1 || exit 0
}

function gitops_cluster_noninteractive() {
  # Set defaults
  GITOPS_WORKING_DIR=$PWD/working-dir
  SM_DELIM="/"

  export GITHUB_PUSH="false"
  export GIT_COMMIT_MSG=${GIT_COMMIT_MSG:-"gitops-cluster commit"}
  export MAS_CATALOG_VERSION=${MAS_CATALOG_VERSION:-"v8-240130-amd64"}
  export MAS_CATALOG_IMAGE=${MAS_CATALOG_IMAGE:-"icr.io/cpopen/ibm-maximo-operator-catalog"}
  export ICR_USERNAME=cp
  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
  export REDHAT_CERT_MANAGER_INSTALL_PLAN=${REDHAT_CERT_MANAGER_INSTALL_PLAN:-"Automatic"}
  export INSTALL_REDHAT_CERT_MANAGER=${INSTALL_REDHAT_CERT_MANAGER:-"true"}

  # Target the local (to ArgoCD) cluster
  export CLUSTER_URL=${CLUSTER_URL:-"https://kubernetes.default.svc"}


  while [[ $# -gt 0 ]]
  do
    key="$1"
    shift
    case $key in
      # GitOps Configuration
      -d|--dir)
        export GITOPS_WORKING_DIR=$1 && shift
        ;;
      -a|--account-id)
        export ACCOUNT_ID=$1 && shift
        ;;
      -c|--cluster-id)
        export CLUSTER_ID=$1 && shift
        ;;
      --custom-labels)
        export CUSTOM_LABELS=$1 && shift
        ;;

      # AWS Secrets Manager Configuration
      --sm-aws-secret-region)
        export SM_AWS_REGION=$1
        export REGION_ID=$1
        shift
        ;;
      --sm-aws-access-key)
        export SM_AWS_ACCESS_KEY_ID=$1 && shift
        ;;
      --sm-aws-secret-key)
        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
        ;;
      --secrets-path)
        export SECRETS_PATH=$1 && shift
        ;;
      --skip-aws-secret-creation)
        export SKIP_AWS_SECRET_CREATION=true
        ;;

      # IBM Container Registry Entitlement
      --icr-username)
        export ICR_USERNAME=$1 && shift
        ;;
      --icr-password)
        export ICR_PASSWORD=$1 && shift
        ;;

      # Target Cluster (Optional)
      --cluster-url)
        export CLUSTER_URL=$1 && shift
        ;;

      # Operator Catalog
      --catalog-version)
        export MAS_CATALOG_VERSION=$1 && shift
        ;;
      --catalog-image)
        export MAS_CATALOG_IMAGE=$1 && shift
        ;;

      # Redhat Cert Manager
      --install-redhat-cert-manager)
        export INSTALL_REDHAT_CERT_MANAGER=true
        ;;
      --redhat-cert-manager-install-plan)
        export REDHAT_CERT_MANAGER_INSTALL_PLAN=$1 && shift
        ;;

      # MAS CLI
      --mas-cli-image-repo)
        export MAS_CLI_IMAGE_REPO=$1 && shift
        ;;

      # Automatic GitHub Push (Optional)
      -P|--github-push)
        export GITHUB_PUSH=true
        ;;
      -H|--github-host)
        export GITHUB_HOST=$1 && shift
        ;;
      -O|--github-org)
        export GITHUB_ORG=$1 && shift
        ;;
      -R|--github-repo)
        export GITHUB_REPO=$1 && shift
        ;;
      -B|--git-branch)
        export GIT_BRANCH=$1 && shift
        ;;
      -M|--git-commit-msg)
        export GIT_COMMIT_MSG=$1 && shift
        ;;
      -S|--github-ssh)
        export GIT_SSH=$1 && shift
        ;;

      # Notifications
      --slack-channel-id)
        export SLACK_CHANNEL_ID=$1 && shift
        ;;

      # Cluster Promotion
      --cluster-promotion)
        export CLUSTER_PROMOTION=true
        ;;
      --cluster-promotion-target-github-pat)
        export CLUSTER_PROMOTION_TARGET_GITHUB_PAT=$1 && shift
        ;;
      --cluster-promotion-target-github-host)
        export CLUSTER_PROMOTION_TARGET_GITHUB_HOST=$1 && shift
        ;;
      --cluster-promotion-target-github-repo)
        export CLUSTER_PROMOTION_TARGET_GITHUB_REPO=$1 && shift
        ;;
      --cluster-promotion-target-github-org)
        export CLUSTER_PROMOTION_TARGET_GITHUB_ORG=$1 && shift
        ;;
      --cluster-promotion-target-github-path)
        export CLUSTER_PROMOTION_TARGET_GITHUB_PATH=$1 && shift
        ;;
      --cluster-promotion-target-git-branch)
        export CLUSTER_PROMOTION_TARGET_GIT_BRANCH=$1 && shift
        ;;
      --cluster-promotion-create-target-pr)
        export CLUSTER_PROMOTION_CREATE_TARGET_PR=true
        ;;
      --cluster-promotion-target-pr-title)
        export CLUSTER_PROMOTION_TARGET_PR_TITLE=$1 && shift
        ;;
      --cluster-promotion-cluster-values)
        export CLUSTER_PROMOTION_CLUSTER_VALUES=$1 && shift
        ;;


      # DevOps Details
      --devops-build-number)
        export DEVOPS_BUILD_NUMBER=$1 && shift
        ;;
      --devops-mongo-uri)
        export DEVOPS_MONGO_URI=$1 && shift
        ;;

      # IBM CIS Cert Manager 
      --dns-provider)
        export DNS_PROVIDER=$1 && shift
        ;;
      --ocp-cluster-domain)
        export OCP_CLUSTER_DOMAIN=$1 && shift
        ;;
      --ingress)
        export INGRESS=$1 && shift
        ;;

      --nonshared)
        export NONSHARED=$1 && shift
        ;;
      --install-selenium-grid)
        export INSTALL_SELENIUM_GRID=true
        ;;

      # Custom Cluster Service Accounts
      --custom_sa_namespace)
        export CUSTOM_SA_NAMESPACE=$1 && shift
        ;;
      --custom_sa_details)
        export CUSTOM_SA_DETAILS=$1 && shift
        ;;

      # Group Sync Operator
      --install-group-sync-operator)
        export INSTALL_GROUP_SYNC_OPERATOR=true
        ;;
      
      # IBM RBAC
      --install-ibm-rbac)
        export INSTALL_IBM_RBAC=true
        ;;

      # CrowdStrike Falcon Operator
      --install-falcon-operator)
        export INSTALL_FALCON_OPERATOR=true
        ;;

      # Cluster Logging Operator
      --install-cluster-logging-operator)
        export CLUSTER_LOGGING_OPERATOR_INSTALL=true
        ;;
      --cluster-logging-operator-use-syslog-forwarder)
        export CLUSTER_LOGGING_OPERATOR_USE_SYSLOG_FORWARDER=true
        ;;
      --cluster-logging-operator-install-plan)
        export CLUSTER_LOGGING_OPERATOR_INSTALL_PLAN=$1 && shift
        ;;
      --cluster-logging-operator-channel)
        export CLUSTER_LOGGING_OPERATOR_CHANNEL=$1 && shift
        ;;
      --cluster-logging-operator-setup-log-forwarding)
        export CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING=true
        ;;
      --cluster-logging-operator-log-forwarder-client-url)
        export CLUSTER_LOGGING_OPERATOR_LOG_FORWARDER_CLIENT_URL=$1 && shift
        ;;
      --cluster-logging-operator-syslog-forwarder-version)
        export CLUSTER_LOGGING_OPERATOR_SYSLOG_FORWARDER_VERSION=$1 && shift
        ;;
      --cluster-logging-operator-dlc-ca-bundle-file)
        export CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE=$1 && shift
        ;;
      # Instana Agent Operator
      --install-instana-agent-operator)
        export INSTANA_AGENT_OPERATOR_INSTALL=true
        ;;

      # Image repository mirror
      --image-repo-mirror)
        export IMAGE_REPO_MIRROR=true
        ;;
      --image-repo-mirror-host)
        export IMAGE_REPO_MIRROR_HOST=$1 && shift
        ;;
      --image-repo-mirror-prefix)
        export IMAGE_REPO_MIRROR_PREFIX=$1 && shift
        ;;

      # Other Commands
      -h|--help)
        gitops_cluster_help
        ;;
      *)
        # unknown option
        gitops_cluster_help  "Usage Error: Unsupported option \"${key}\""
        ;;
    esac
  done

  [[ -z "$ACCOUNT_ID" ]] && gitops_cluster_help "ACCOUNT_ID is not set"
  [[ -z "$CLUSTER_ID" ]] && gitops_cluster_help "CLUSTER_ID is not set"
  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_cluster_help "REGION_ID or SM_AWS_REGION is not set"
  [[ -z "$CLUSTER_URL" ]] && gitops_cluster_help "CLUSTER_URL is not set"
  
  if [[ "$GITHUB_PUSH" == "true" ]]; then
    [[ -z "$GITHUB_HOST" ]] && gitops_cluster_help "GITHUB_HOST is not set"
    [[ -z "$GITHUB_ORG" ]] && gitops_cluster_help "GITHUB_ORG is not set"
    [[ -z "$GITHUB_REPO" ]] && gitops_cluster_help "GITHUB_REPO is not set"
    [[ -z "$GIT_BRANCH" ]] && gitops_cluster_help "GIT_BRANCH is not set"
  fi

  if [[ "${DNS_PROVIDER}" == "cis" ]]; then
    [[ -z "$OCP_CLUSTER_DOMAIN" ]] && gitops_cluster_help "OCP_CLUSTER_DOMAIN is not set"
  fi

  [[ -z "$SECRETS_PATH" ]] && gitops_cluster_help "SECRETS_PATH is not set"

  if [[ -n "$DEVOPS_MONGO_URI" ]]; then
    [[ -z "$DEVOPS_BUILD_NUMBER" ]] && gitops_cluster_help "DEVOPS_BUILD_NUMBER is not set"
  fi

  if [[ "$CLUSTER_PROMOTION" == "true" ]]; then
    [[ -z "$CLUSTER_PROMOTION_TARGET_GITHUB_PAT" ]] && gitops_cluster_help "CLUSTER_PROMOTION_TARGET_GITHUB_PAT is not set"
    [[ -z "$CLUSTER_PROMOTION_TARGET_GITHUB_HOST" ]] && gitops_cluster_help "CLUSTER_PROMOTION_TARGET_GITHUB_HOST is not set"
    [[ -z "$CLUSTER_PROMOTION_TARGET_GITHUB_REPO" ]] && gitops_cluster_help "CLUSTER_PROMOTION_TARGET_GITHUB_REPO is not set"
    [[ -z "$CLUSTER_PROMOTION_TARGET_GITHUB_ORG" ]] && gitops_cluster_help "CLUSTER_PROMOTION_TARGET_GITHUB_ORG is not set"
    [[ -z "$CLUSTER_PROMOTION_TARGET_GITHUB_PATH" ]] && gitops_cluster_help "CLUSTER_PROMOTION_TARGET_GITHUB_PATH is not set"
    [[ -z "$CLUSTER_PROMOTION_TARGET_GIT_BRANCH" ]] && gitops_cluster_help "CLUSTER_PROMOTION_TARGET_GIT_BRANCH is not set"
    [[ -z "$CLUSTER_PROMOTION_CREATE_TARGET_PR" ]] && gitops_cluster_help "CLUSTER_PROMOTION_CREATE_TARGET_PR is not set"
    [[ -z "$CLUSTER_PROMOTION_CLUSTER_VALUES" ]] && gitops_cluster_help "CLUSTER_PROMOTION_CLUSTER_VALUES is not set"
    if [[ "$CLUSTER_PROMOTION_CREATE_TARGET_PR" == "true" ]]; then
      [[ -z "$CLUSTER_PROMOTION_TARGET_PR_TITLE" ]] && gitops_cluster_help "CLUSTER_PROMOTION_TARGET_PR_TITLE is not set"
    fi
  fi

  if [[ -n "${CUSTOM_SA_NAMESPACE}" ]] || [[ -n "${CUSTOM_SA_DETAILS}" ]]; then
    [[ -z "$CUSTOM_SA_NAMESPACE" ]] && gitops_cluster_help "CUSTOM_SA_NAMESPACE is not set"
    [[ -z "$CUSTOM_SA_DETAILS" ]] && gitops_cluster_help "CUSTOM_SA_DETAILS is not set"
    [[ ! "$CUSTOM_SA_DETAILS" =~ ^[a-zA-Z0-9_-]+:[a-zA-Z0-9_-]+(,[a-zA-Z0-9_-]+:[a-zA-Z0-9_-]+)*$ ]] && gitops_cluster_help "CUSTOM_SA_DETAILS has incorrect syntax"
  fi

  if [ -z $ICR_USERNAME ] || [ -z $ICR_PASSWORD ]; then
    echo 'Missing required environment variables, make sure to set ICR_USERNAME, ICR_PASSWORD'
    exit 1
  fi

  if [[ "$CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING" == "true" ]]; then
    [[ -z "$CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE" ]] && gitops_cluster_help "CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE is not set"
    [[ -z "$CLUSTER_LOGGING_OPERATOR_LOG_FORWARDER_CLIENT_URL" ]] && gitops_cluster_help "CLUSTER_LOGGING_OPERATOR_LOG_FORWARDER_CLIENT_URL is not set"
  fi

  if [[ "$IMAGE_REPO_MIRROR" == "true" ]]; then
    [[ -z "$IMAGE_REPO_MIRROR_HOST" ]] && gitops_cluster_help "IMAGE_REPO_MIRROR_HOST is not set"
    [[ -z "$IMAGE_REPO_MIRROR_PREFIX" ]] && gitops_cluster_help "IMAGE_REPO_MIRROR_PREFIX is not set"
  fi
}

function gitops_cluster() {
  # Take the first parameter off (it will be create-gitops)
  shift
  if [[ $# -gt 0 ]]; then
    gitops_cluster_noninteractive "$@"
  else
    echo "Not supported yet"
    exit 1
    gitops_cluster_interactive
  fi

  # catch errors
  set -o pipefail
  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR

  mkdir -p ${GITOPS_WORKING_DIR}
  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}

  echo
  reset_colors
  echo_h2 "Review Settings"

  # set default values
  export CLUSTER_LOGGING_OPERATOR_INSTALL=${CLUSTER_LOGGING_OPERATOR_INSTALL:-"false"}
  export CLUSTER_LOGGING_OPERATOR_USE_SYSLOG_FORWARDER=${CLUSTER_LOGGING_OPERATOR_USE_SYSLOG_FORWARDER:-"false"}
  export CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING=${CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING:-"false"}
  export CLUSTER_LOGGING_OPERATOR_CHANNEL=${CLUSTER_LOGGING_OPERATOR_CHANNEL:-"stable-5.9"}
  export CLUSTER_LOGGING_OPERATOR_SYSLOG_FORWARDER_VERSION=${CLUSTER_LOGGING_OPERATOR_SYSLOG_FORWARDER_VERSION:-"1.8-amd64"}

  if [[ "${DNS_PROVIDER}" == "cis" ]]; then
    # Replace first occurance of 'apps.' with 'public.' only if OCP_CLUSTER_DOMAIN starts with 'apps.'
    export OCP_PUBLIC_CLUSTER_DOMAIN=$(echo $OCP_CLUSTER_DOMAIN | sed 's/^apps./public./')
    # Disable provision public ingress controller by default 
    export INGRESS=${INGRESS:-"false"}
  fi
  export CLUSTER_NONSHARED=${NONSHARED:-"false"}
  
  echo "${TEXT_DIM}"
  echo_h2 "Target" "    "
  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
  echo_reset_dim "Cluster URL .................... ${COLOR_MAGENTA}${CLUSTER_URL}"
  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
  echo_reset_dim "Nonshared Cluster .............. ${COLOR_MAGENTA}${CLUSTER_NONSHARED}"
  reset_colors

  echo "${TEXT_DIM}"
  if [[ "$GITHUB_PUSH" == "true" ]]; then
    echo_h2 "GitOps Target" "    "
    echo_reset_dim "Automatic Push ............... ${COLOR_GREEN}Enabled"
    echo_reset_dim "Working Directory ............ ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
    echo_reset_dim "Host ......................... ${COLOR_MAGENTA}${GITHUB_HOST}"
    echo_reset_dim "Organization ................. ${COLOR_MAGENTA}${GITHUB_ORG}"
    echo_reset_dim "Repository ................... ${COLOR_MAGENTA}${GITHUB_REPO}"
    echo_reset_dim "Branch ....................... ${COLOR_MAGENTA}${GIT_BRANCH}"
  else
    echo_h2 "GitOps Target" "    "
    echo_reset_dim "Automatic Push ............... ${COLOR_RED}Disabled"
    echo_reset_dim "Working Directory ............ ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
  fi
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "AWS Secrets Manager" "    "
  echo_reset_dim "Region ................................. ${COLOR_MAGENTA}${SM_AWS_REGION}"
  echo_reset_dim "Secret Key ............................. ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
  echo_reset_dim "Access Key ............................. ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
  echo_reset_dim "Secrets Path ........................... ${COLOR_MAGENTA}${SECRETS_PATH}"
  echo_reset_dim "Skip creation of cluster AWS secret? ... ${COLOR_MAGENTA}${SKIP_AWS_SECRET_CREATION}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "IBM Maximo Operator Catalog" "    "
  echo_reset_dim "Catalog Version ................ ${COLOR_MAGENTA}${MAS_CATALOG_VERSION}"
  echo_reset_dim "Catalog Image .................. ${COLOR_MAGENTA}${MAS_CATALOG_IMAGE}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "Redhat Certificate Manager" "    "
  echo_reset_dim "Install RedHat Cert Manager .................................................. ${COLOR_MAGENTA}${INSTALL_REDHAT_CERT_MANAGER}"
  if [[ "$INSTALL_REDHAT_CERT_MANAGER" == "true" ]]; then
    echo_reset_dim "Redhat Certificate Manager Subscription Install Plan Approval ................ ${COLOR_MAGENTA}${REDHAT_CERT_MANAGER_INSTALL_PLAN}"
  fi
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "Cluster Promotion" "    "
  echo_reset_dim "Cluster Promotion   ............. ${COLOR_MAGENTA}${CLUSTER_PROMOTION}"
  if [[ "$CLUSTER_PROMOTION" == "true" ]]; then
    echo_reset_dim "Github PAT  ..................... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_TARGET_GITHUB_PAT:0:4}<snip>"
    echo_reset_dim "GitHub Host  .................... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_TARGET_GITHUB_HOST}"
    echo_reset_dim "GitHub Repo  .................... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_TARGET_GITHUB_REPO}"
    echo_reset_dim "GitHub Org  ..................... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_TARGET_GITHUB_ORG}"
    echo_reset_dim "GitHub Path  .................... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_TARGET_GITHUB_PATH}"
    echo_reset_dim "Git Branch  ..................... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_TARGET_GIT_BRANCH}"
    echo_reset_dim "Create Target PR  ............... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_CREATE_TARGET_PR}"
    echo_reset_dim "Target PR Title   ............... ${COLOR_MAGENTA}${CLUSTER_PROMOTION_TARGET_PR_TITLE}"
    echo_reset_dim "Cluster Values  ................. ${COLOR_MAGENTA}${CLUSTER_PROMOTION_CLUSTER_VALUES}"
  fi
  reset_colors

  if [[ -n "$DNS_PROVIDER" ]]; then
    echo "${TEXT_DIM}"
    echo_h2 "IBM CIS Cert Manager" "    "
    echo_reset_dim "DNS Provider .................... ${COLOR_MAGENTA}${DNS_PROVIDER}"
    echo_reset_dim "Open Shift Cluster Domain ....... ${COLOR_MAGENTA}${OCP_CLUSTER_DOMAIN}"
    echo_reset_dim "OCP Public Domain ............... ${COLOR_MAGENTA}${OCP_PUBLIC_CLUSTER_DOMAIN}"
    echo_reset_dim "Public Ingress Controller ....... ${COLOR_MAGENTA}${INGRESS}"
    reset_colors
  fi

  if [[ -n "$CUSTOM_SA_NAMESPACE" ]]; then
    echo "${TEXT_DIM}"
    echo_h2 "Custom Cluster Service Accounts" "    "
    echo_reset_dim "Service Account Namespace .................... ${COLOR_MAGENTA}${CUSTOM_SA_NAMESPACE}"
    echo_reset_dim "Service Account Details ....... ${COLOR_MAGENTA}${CUSTOM_SA_DETAILS}"
    reset_colors
  fi

  echo "${TEXT_DIM}"
  echo_h2 "DevOps Details" "    "
  echo_reset_dim "Devops Build Number ............. ${COLOR_MAGENTA}${DEVOPS_BUILD_NUMBER}"
  echo_reset_dim "Devops Mongo Uri ................ ${COLOR_MAGENTA}${DEVOPS_MONGO_URI:0:8}<snip>"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "Selenium Grid" "    "
  echo_reset_dim "Install Selenium Grid ........... ${COLOR_MAGENTA}${INSTALL_SELENIUM_GRID}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "Group Sync Operator" "    "
  echo_reset_dim "Install the Group Sync Operator ........... ${COLOR_MAGENTA}${INSTALL_GROUP_SYNC_OPERATOR}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "IBM RBAC" "    "
  echo_reset_dim "Install IBM RBAC ........... ${COLOR_MAGENTA}${INSTALL_IBM_RBAC}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "CrowdStrike Falcon Operator" "    "
  echo_reset_dim "Install the CrowdStrike Falcon Operator ........... ${COLOR_MAGENTA}${INSTALL_FALCON_OPERATOR}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "Cluster Logging Operator" "    "
  echo_reset_dim "Install the Cluster Logging Operator ........... ${COLOR_MAGENTA}${CLUSTER_LOGGING_OPERATOR_INSTALL}"
  echo_reset_dim "Use Syslog Forwarder ........................... ${COLOR_MAGENTA}${CLUSTER_LOGGING_OPERATOR_USE_SYSLOG_FORWARDER}"
  if [[ "$CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING" == "true" ]]; then
    echo_reset_dim "Setup Log Forwarding ........................... ${COLOR_MAGENTA}${CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING}"
    echo_reset_dim "Operator Channel ............................... ${COLOR_MAGENTA}${CLUSTER_LOGGING_OPERATOR_CHANNEL}"
    echo_reset_dim "DLC CA Bundle File ............................. ${COLOR_MAGENTA}${CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE}"
  fi
  reset_colors

  echo "${TEXT_DIM}"
  echo_h2 "Instana Agent Operator" "    "
  echo_reset_dim "Install the Instana Agent Operator ........... ${COLOR_MAGENTA}${INSTANA_AGENT_OPERATOR_INSTALL}"
  reset_colors

  if [[ -n "$MAS_CLI_IMAGE_REPO" ]]; then
    echo "${TEXT_DIM}"
    echo_h2 "MAS CLI Image" "    "
    echo_reset_dim "MAS CLI Image repo ........... ${COLOR_MAGENTA}${MAS_CLI_IMAGE_REPO}"
    reset_colors
  fi

  if [[ "$IMAGE_REPO_MIRROR" == "true" ]]; then
    echo "${TEXT_DIM}"
    echo_h2 "Image Repository Mirror" "    "
    echo_reset_dim "Repository Host ........... ${COLOR_MAGENTA}${IMAGE_REPO_MIRROR_HOST}"
    echo_reset_dim "Repository Prefix ......... ${COLOR_MAGENTA}${IMAGE_REPO_MIRROR_PREFIX}"
    reset_colors
  fi

  
  # Set up secrets
  # ---------------------------------------------------------------------------
  echo
  echo_h2 "Configuring Cluster secrets"
  AVP_TYPE=aws
  sm_login

  export SECRET_NAME_IBM_ENTITLEMENT=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}ibm_entitlement
  export SECRET_KEY_IBM_ENTITLEMENT=${SECRET_NAME_IBM_ENTITLEMENT}#image_pull_secret_b64

  export SECRET_NAME_CIS=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}cis
  export SECRET_KEY_IBM_APIKEY=${SECRET_NAME_CIS}#ibm_apikey

  export SECRET_NAME_DEVOPS_MONGO=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}devops
  export SECRET_KEY_DEVOPS_MONGO=${SECRET_NAME_DEVOPS_MONGO}#devops_mongo_uri

  export SECRET_NAME_ISV_CLIENT=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}isv_client
  export SECRET_KEY_ISV_CLIENT_ID=${SECRET_NAME_ISV_CLIENT}#client_id
  export SECRET_KEY_ISV_CLIENT_SECRET=${SECRET_NAME_ISV_CLIENT}#client_secret

  export SECRET_NAME_FALCON_CLIENT=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}falcon_client
  export SECRET_KEY_FALCON_CLIENT_ID=${SECRET_NAME_FALCON_CLIENT}#client_id
  export SECRET_KEY_FALCON_CLIENT_SECRET=${SECRET_NAME_FALCON_CLIENT}#client_secret

  export SECRET_NAME_CLOUDWATCH=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}cloudwatch
  export SECRET_KEY_CLOUDWATCH_AWS_SECRET_ACCESS_KEY=${SECRET_NAME_CLOUDWATCH}#aws_secret_access_key
  export SECRET_KEY_CLOUDWATCH_AWS_ACCESS_KEY_ID=${SECRET_NAME_CLOUDWATCH}#aws_access_key_id

  export SECRET_NAME_INSTANA=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}instana
  export SECRET_KEY_INSTANA_KEY=${SECRET_NAME_INSTANA}#key

  export SECRET_NAME_SYSLOG_PULLSECRET=${ACCOUNT_ID}${SM_DELIM}syslog_pullsecret
  export SECRET_KEY_SYSLOG_PULLSECRET=${SECRET_NAME_SYSLOG_PULLSECRET}#pullsecret

  export SECRET_NAME_AWS_ECR=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}aws_ecr
  export SECRET_KEY_AWS_ECR_ACCESS_KEY_ID=${SECRET_NAME_AWS_ECR}#ecr_aws_access_key_id
  export SECRET_KEY_AWS_ECR_ACCESS_KEY_SECRET=${SECRET_NAME_AWS_ECR}#ecr_aws_secret_access_key


  if [ -n "$DEVOPS_MONGO_URI" ];then
    echo "- Update DEVOPS_MONGO_URI secret"
    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
    sm_update_secret $SECRET_NAME_DEVOPS_MONGO "{\"devops_mongo_uri\": \"${DEVOPS_MONGO_URI}\"}" "${TAGS}"
  fi

  if [ -n "$ISV_CLIENT_ID" ] && [ -n "$ISV_CLIENT_SECRET" ]; then
    echo "- Update ISV_CLIENT_ID and ISV_CLIENT_SECRET secrets"
    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
    sm_update_secret $SECRET_NAME_ISV_CLIENT "{\"client_id\": \"${ISV_CLIENT_ID}\", \"client_secret\": \"${ISV_CLIENT_SECRET}\"}" "${TAGS}"
  fi

  if [ -n "$FALCON_CLIENT_ID" ] && [ -n "$FALCON_CLIENT_SECRET" ]; then
    echo "- Update FALCON_CLIENT_ID and FALCON_CLIENT_SECRET secrets"
    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
    sm_update_secret $SECRET_NAME_FALCON_CLIENT "{\"client_id\": \"${FALCON_CLIENT_ID}\", \"client_secret\": \"${FALCON_CLIENT_SECRET}\"}" "${TAGS}"
  fi

  if [ -n "$CLOUDWATCH_AWS_SECRET_ACCESS_KEY" ] && [ -n "$CLOUDWATCH_AWS_ACCESS_KEY_ID" ]; then
    echo "- Update CLOUDWATCH_AWS_SECRET_ACCESS_KEY and CLOUDWATCH_AWS_ACCESS_KEY_ID secrets"
    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
    sm_update_secret $SECRET_NAME_CLOUDWATCH "{\"aws_secret_access_key\": \"${CLOUDWATCH_AWS_SECRET_ACCESS_KEY}\", \"aws_access_key_id\": \"${CLOUDWATCH_AWS_ACCESS_KEY_ID}\"}" "${TAGS}"
  fi

  if [ -n "$INSTANA_KEY" ]; then
    echo "- Update INSTANA_KEY secret"
    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
    sm_update_secret $SECRET_NAME_INSTANA "{\"key\": \"${INSTANA_KEY}\"}" "${TAGS}"
  fi

  if [[ "$IMAGE_REPO_MIRROR" == "true" ]]; then
    sm_verify_secret_exists $SECRET_NAME_AWS_ECR "ecr_aws_access_key_id,ecr_aws_secret_access_key"
  fi


  if [ -z $GIT_SSH ]; then
    export GIT_SSH="false"
  fi


  # Set and Validate App Names
  # ---------------------------------------------------------------------------
  ROOT_APP_NAME="root.${ACCOUNT_ID}"
  CLUSTER_APP_NAME="cluster.${CLUSTER_ID}"
  OPERATOR_CATALOG_APP_NAME="operator-catalog.${CLUSTER_ID}"
  COMMON_SERVICES_APP_NAME="redhat-cert-manager.${CLUSTER_ID}"

  validate_app_name "${ROOT_APP_NAME}"
  validate_app_name "${CLUSTER_APP_NAME}"
  validate_app_name "${OPERATOR_CATALOG_APP_NAME}"
  validate_app_name "${COMMON_SERVICES_APP_NAME}"


  # Clone github target repo
  # ---------------------------------------------------------------------------
  if [ "$GITHUB_PUSH" == "true" ]; then
    echo
    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
  fi
  mkdir -p ${GITOPS_CLUSTER_DIR}
  if [[ -n ${ARTIFACTORY_USERNAME} && -n ${ARTIFACTORY_TOKEN} ]]; then
    export ARTIFACTORY_AUTH_TOKEN=$(echo -n $ARTIFACTORY_USERNAME:$ARTIFACTORY_TOKEN | base64 -w 0)
  fi
  export ICR_AUTH_TOKEN=$(echo -n $ICR_USERNAME:$ICR_PASSWORD | base64 -w 0)

  echo "- Generate image pull secret"
  jinjanate_commmon $CLI_DIR/templates/gitops/ibm-entitlement-with-artifactory.json.j2 ${GITOPS_CLUSTER_DIR}/ibm-entitlement-with-artifactory.json

  IBM_ENTITLEMENT_WITH_ARTIFACTORY=${GITOPS_CLUSTER_DIR}/ibm-entitlement-with-artifactory.json
  IBM_ENTITLEMENT_WITH_ARTIFACTORY=$(cat $IBM_ENTITLEMENT_WITH_ARTIFACTORY)
  export IBM_ENTITLEMENT_PULL_SECRET_B64=$(echo -n $IBM_ENTITLEMENT_WITH_ARTIFACTORY | base64 -w 0)
  export IBM_ENTITLEMENT_B64=$(echo -n $ICR_PASSWORD | base64 -w 0)

  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
  sm_update_secret $SECRET_NAME_IBM_ENTITLEMENT "{\"image_pull_secret_b64\": \"${IBM_ENTITLEMENT_PULL_SECRET_B64}\", \"entitlement_key\": \"${IBM_ENTITLEMENT_B64}\"}" "${TAGS}"

  if [[ "$CLUSTER_PROMOTION" == "true" ]]; then
    export SECRET_NAME_GITHUB_PAT=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}github_pat
    export SECRET_KEY_GITHUB_PAT=${SECRET_NAME_GITHUB_PAT}#github_pat
    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
    sm_update_secret $SECRET_NAME_GITHUB_PAT "{\"github_pat\": \"${CLUSTER_PROMOTION_TARGET_GITHUB_PAT}\"}" "${TAGS}"
  fi

  rm -rf ${GITOPS_CLUSTER_DIR}/ibm-entitlement-with-artifactory.json


  # This is used by some of the ArgoCD sync hooks to make updates to AWS SM from within the cluster
  export SECRET_NAME_AWS=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}aws
  if [[ "$SKIP_AWS_SECRET_CREATION" == "true" ]]; then
    echo "- Verify AWS secret"
    sm_verify_secret_exists $SECRET_NAME_AWS "sm_aws_access_key_id,sm_aws_secret_access_key"
  else
    echo "- Generate AWS secret"
    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
    sm_update_secret $SECRET_NAME_AWS "{\"sm_aws_access_key_id\": \"${SM_AWS_ACCESS_KEY_ID}\", \"sm_aws_secret_access_key\": \"${SM_AWS_SECRET_ACCESS_KEY}\"}" "${TAGS}"
  fi


  # Generate ArgoApps
  # ---------------------------------------------------------------------------
  echo
  echo_h2 "Generating Argo Applications"

  echo "- Base Config"
  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/phase1/ibm-mas-cluster-base.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-cluster-base.yaml

  echo "- IBM Operator Catalog"
  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/phase1/ibm-operator-catalog.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-operator-catalog.yaml

  if [[ "$INSTALL_REDHAT_CERT_MANAGER" == "true" ]]; then
    echo "- Redhat Cert Manager"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/phase1/redhat-cert-manager.yaml.j2 ${GITOPS_CLUSTER_DIR}/redhat-cert-manager.yaml
  fi

  if [[ "$INSTALL_SELENIUM_GRID" == "true" ]]; then
    echo "- Selenium Grid"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/phase1/selenium-grid.yaml.j2 ${GITOPS_CLUSTER_DIR}/selenium-grid.yaml
  fi

  if [[ "$CLUSTER_PROMOTION" == "true" ]]; then
    ESCAPED_CLUSTER_VALUES=${CLUSTER_PROMOTION_CLUSTER_VALUES//\"/\\\"}
    export ESCAPED_CLUSTER_VALUES=${ESCAPED_CLUSTER_VALUES//$'\n'/\\n}
    echo "- Cluster Promotion"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/cluster-promotion.yaml.j2 ${GITOPS_CLUSTER_DIR}/cluster-promotion.yaml
  fi
  
  if [[ -n "$CUSTOM_SA_NAMESPACE" ]]; then
    echo "- Custom Cluster Service Accounts"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/custom-sa.yaml.j2 ${GITOPS_CLUSTER_DIR}/custom-sa.yaml
  fi

  if [[ -n "$DNS_PROVIDER" ]]; then
    echo "- IBM CIS Cert Manager"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/phase1/ibm-cis-cert-manager.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-cis-cert-manager.yaml
  fi

  if [[ "$INSTALL_GROUP_SYNC_OPERATOR" == "true" ]]; then
    echo "- Group Sync Operator"
    sm_verify_secret_exists $SECRET_NAME_ISV_CLIENT "client_secret,client_id"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/group-sync-operator.yaml.j2 ${GITOPS_CLUSTER_DIR}/group-sync-operator.yaml
  fi

  if [[ "$INSTALL_IBM_RBAC" == "true" ]]; then
    echo "- IBM RBAC"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-rbac.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-rbac.yaml
  fi

  if [[ "$INSTALL_FALCON_OPERATOR" == "true" ]]; then
    echo "- CrowdStrike Falcon Operator"
    sm_verify_secret_exists $SECRET_NAME_FALCON_CLIENT "client_secret,client_id"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/falcon-operator.yaml.j2 ${GITOPS_CLUSTER_DIR}/falcon-operator.yaml
  fi

  if [[ "$CLUSTER_LOGGING_OPERATOR_INSTALL" == "true" ]]; then
    echo "- Cluster Logging Operator"
    sm_verify_secret_exists $SECRET_NAME_CLOUDWATCH "aws_access_key_id,aws_secret_access_key"
    if [[ "$CLUSTER_LOGGING_OPERATOR_SETUP_LOG_FORWARDING" == "true" ]]; then
      echo "- Cluster Logging Operator Log Forwarder Setup"
      [ -s "$CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE" ] || { echo_warning "Required value 'CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE' is missing or empty"; exit 1;}
      export CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE=$(cat ${CLUSTER_LOGGING_OPERATOR_DLC_CA_BUNDLE_FILE} | base64 -w0)

      if [[ -n "$SYSLOG_PULLSECRET" ]]; then
        echo "- Update SYSLOG_PULLSECRET secret"
        TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}]"
        sm_update_secret $SECRET_NAME_SYSLOG_PULLSECRET "{\"pullsecret\": \"${SYSLOG_PULLSECRET}\"}" "${TAGS}"
      fi
      sm_verify_secret_exists $SECRET_NAME_SYSLOG_PULLSECRET "pullsecret"
    fi
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/cluster-logging-operator.yaml.j2 ${GITOPS_CLUSTER_DIR}/cluster-logging-operator.yaml
  fi

  if [[ "$INSTANA_AGENT_OPERATOR_INSTALL" == "true" ]]; then
    echo "- Instana Agent Operator"
    sm_verify_secret_exists $SECRET_NAME_INSTANA "key"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instana-agent-operator.yaml.j2 ${GITOPS_CLUSTER_DIR}/instana-agent-operator.yaml
  fi


  if [[ "$IMAGE_REPO_MIRROR" == "true" ]]; then
    echo "- Image Repository Mirror"
    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/image-mirroring.yaml.j2 ${GITOPS_CLUSTER_DIR}/image-mirroring.yaml
  fi


  # Commit and push to github target repo
  # ---------------------------------------------------------------------------
  if [ "$GITHUB_PUSH" == "true" ]; then
    echo
    echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
    save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
    remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
  fi

}
