#!/usr/bin/env bash

function gitops_suite_help() {
  [[ -n "$1" ]] && echo_warning "$1"
  reset_colors
  cat << EOM
Usage:
  mas gitops_suite [options]
Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
When no options are specified on the command line, interactive-mode will be enabled by default.

Basic Configuration:
  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}           Directory for GitOps repository
  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}            Account name that the cluster belongs to
  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}            Cluster ID
  -m, --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}  IBM Suite Maximo Application Suite Instance ID
      --custom-labels ${COLOR_YELLOW}CUSTOM_LABELS${TEXT_RESET}      Custom Labels definition in dict format

AWS Secrets Manager Configuration (Required):
      --sm-aws-secret-region ${COLOR_YELLOW}SM_AWS_REGION${TEXT_RESET}          Region of the AWS Secrets Manager to use
      --sm-aws-access-key ${COLOR_YELLOW}SM_AWS_ACCESS_KEY_ID${TEXT_RESET}      Your AWS Access Key ID
      --sm-aws-secret-key ${COLOR_YELLOW}SM_AWS_SECRET_ACCESS_KEY${TEXT_RESET}  Your AWS Secret Key
      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                   Secrets Manager path

MongoDb Provider Selection (Required):
      --mongo-provider ${COLOR_YELLOW}MONGODB_PROVIDER${TEXT_RESET}  The mongodb provider to install ('aws' or 'yaml')

IBM Suite License Service:
  -s, --sls-service ${COLOR_YELLOW}STANDALONE_SLS_SERVICE${TEXT_RESET}         for ibm internal use only.
      --sls-channel ${COLOR_YELLOW}SLS_CHANNEL${TEXT_RESET}  IBM Suite License Service Subscription Channel
      --sls-install-plan ${COLOR_YELLOW}SLS_INSTALL_PLAN${TEXT_RESET}  IBM Suite License Service Subscription Install Plan ('Automatic' or 'Manual'. Default is 'Automatic')

IBM Maximo Application Suite:
      --mas-annotations ${COLOR_YELLOW}MAS_ANNOTATIONS${TEXT_RESET}                                                       MAS Annotations definition in dict format
      --mas-channel ${COLOR_YELLOW}MAS_CHANNEL${TEXT_RESET}                                                               MAS Core Platform Subscription Channel
      --mas-install-plan ${COLOR_YELLOW}MAS_INSTALL_PLAN${TEXT_RESET}                                                     MAS Core Platform Subscription Install Plan ('Automatic' or 'Manual'. Default is 'Automatic')
      --mas-domain ${COLOR_YELLOW}MAS_DOMAIN${TEXT_RESET}                                                                 MAS Domain
      --mas-image-tags ${COLOR_YELLOW}MAS_IMAGE_TAGS${TEXT_RESET}                                                         MAS Image tags definition in dict format
      --mas-labels ${COLOR_YELLOW}MAS_LABELS${TEXT_RESET}                                                                 MAS Labels definition in dict format
      --mas-manual-cert-mgmt ${COLOR_YELLOW}MAS_MANUAL_CERT_MGMT${TEXT_RESET}                                             MAS Manual Cert Management
      --mas-manual-certs-yaml ${COLOR_YELLOW}MAS_MANUAL_CERTS_YAML${TEXT_RESET}                                           YAML file location containing combined MAS Manual Certs of core and all other apps
      --mas-pod-template-yaml ${COLOR_YELLOW}MAS_POD_TEMPLATE_YAML${TEXT_RESET}                                           The location of a file containing the POD template
      --allow-list ${COLOR_YELLOW}ALLOW_LIST${TEXT_RESET}                                                                 List of IPs or CIDR range to whitelist
      --additional-vpn ${COLOR_YELLOW}ADDITIONAL_VPN{TEXT_RESET}                                                          Manage additional client VPN
      --extensions ${COLOR_YELLOW}EXTENSIONS${TEXT_RESET}                                                                 To enable JAVA or 3rd party code extensions
      --enhanced-dr ${COLOR_YELLOW}ENHANCED_DR${TEXT_RESET}                                                               To enable Enhanced Disaster Recovery
      --is-non-shared-cluster ${COLOR_YELLOW}IS_NON_SHARED_CLUSTER${TEXT_RESET}                                           To enable Non shared cluster
      --suite-spec-additional-properties-yaml ${COLOR_YELLOW}SUITE_SPEC_ADDITIONAL_PROPERTIES_YAML${TEXT_RESET}           Additional properties to be set in Suite CR spec
      --suite-spec-settings-additional-properties-yaml ${COLOR_YELLOW}SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES_YAML${TEXT_RESET}  Additional properties to be set in Suite CR spec.settings

      Below is a sample yaml file template representing manual_certs dictionary ( key: << value base64 encoded content of cert file >>) 
      where key is <<app>>_<<filename . replaced by _>> name and value will be base64 encoded of the respective ca/tls file, 
      supported app are core, assist, iot, manage, monitor, optimizer, predict,visualinspection
        manual_certs:
          core_tls_crt: <<base64 enc of core tls.crt>>
          core_tls_key: <<base64 enc of core tls.key>>
          core_ca_crt: <<base64 enc of core ca.crt>>
          assist_tls_crt: <<base64 enc of assist tls.crt>>
          assist_tls_key: <<base64 enc of assist tls.key>>
          assist_ca_crt: <<base64 enc of assist ca.crt>>
          <<app>>_tls_crt: <<base64 enc of <<app>> tls.crt>>
          <<app>>_tls_key: <<base64 enc of <<app>> tls.key>>
          <<app>>_ca_crt: <<base64 enc of <<app>> ca.crt>>

      --dns-provider ${COLOR_YELLOW}DNS_PROVIDER${TEXT_RESET}                         DNS Provider, Currently supported CIS (Akamai support inprogress)
      --mas-workspace-id ${COLOR_YELLOW}MAS_WORKSPACE_ID${TEXT_RESET}                 MAS Workspace ID
      --mas-config-dir ${COLOR_YELLOW}MAS_CONFIG_DIR${TEXT_RESET}                     MAS_CONFIG_DIR

      --cis-email ${COLOR_YELLOW}CIS_EMAIL${TEXT_RESET}                               CIS EMAIL
      --cis-crn ${COLOR_YELLOW}CIS_CRN${TEXT_RESET}                                   CIS CRN
      --cis-apikey ${COLOR_YELLOW}CIS_APIKEY${TEXT_RESET}                             IBM CLOUD APIKEY
      --cis-subdomain ${COLOR_YELLOW}CIS_SUBDOMAIN${TEXT_RESET}                       CIS subdomain
      --cis-mas-domain ${COLOR_YELLOW}CIS_MAS_DOMAIN${TEXT_RESET}                     CIS MAS domain
      --ocp-cluster-domain ${COLOR_YELLOW}OCP_CLUSTER_DOMAIN${TEXT_RESET}             Open Shift Cluster domain
      --cis-enhanced-security ${COLOR_YELLOW}CIS_ENHANCED_SECURITY${TEXT_RESET}       Set this to true to enable the enhanced IBM CIS DNS integration security
      --cis-waf ${COLOR_YELLOW}CIS_WAF${TEXT_RESET}                                   CIS WAF
      --cis-proxy ${COLOR_YELLOW}CIS_PROXY${TEXT_RESET}                               CIS proxy
      --cis-service-name ${COLOR_YELLOW}CIS_SERVICE_NAME${TEXT_RESET}                 Set this to override default CIS service name that would otherwise be created as {ClusterName}-cis-{mas_instance_id}

      --update-dns-entries ${COLOR_YELLOW}UPDATE_DNS_ENTRIES${TEXT_RESET}             Set this to false if you want to not update DNS entries if they already exist
      --delete-wildcards ${COLOR_YELLOW}DELETE_WILDCARDS${TEXT_RESET}                 Set this to true to force deletion of wildcard dns entries in cis
      --override-edge-certs ${COLOR_YELLOW}OVERRIDE_EDGE_CERTS${TEXT_RESET}           Set this to false to not override and delete any existing edge certificates in cis instance when creating new edge certificates

      --mas-wipe-mongo-data ${COLOR_YELLOW}MAS_WIPE_MONGO_DATA${TEXT_RESET}           Set to "true" to wipe all mongo data for this MAS instance on uninstall (optional, defaults to false)

      --oidc-config ${COLOR_YELLOW}OIDC_CONFIG${TEXT_RESET} YAML string for defining the OpenID clients (OIDC) that will be registered automatically after the suite is installed.
        Currently supported:
          "configtool" client suitable to use by the Maximo Application Framework (MAF) configurator tool. Specify as follows:
            --oidc-config '{"configtool": {"trusted_uri_prefixes": ["https://example.com:443", "https://otherexample.com:8443"]}}'
            
            "trusted_uri_prefixes" field is optional, defaults to ["http://localhost:3000", "http://localhost:3001", "http://localhost:3006"]
      
      --internal-cert-authority ${COLOR_YELLOW}INTERNAL_CERT_AUTHORITY${TEXT_RESET}  The certificate authority to use for provisoning certificates for MAS services

      --welcome-message ${COLOR_YELLOW}WELCOME_MESSAGE${TEXT_RESET} Default welcome message (displayed on login screen) to be configured (optional). NOTE: only use with MAS 9.1.7 or later.
Target Cluster (Optional):
      --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET}       Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc')

MAS CLI Image (Optional):
      --mas-cli-image-repo ${COLOR_YELLOW}MAS_CLI_IMAGE_REPO{TEXT_RESET}               The repo that holds the MAS CLI image to be pulled in ArgoCD. Only needed if using a mirror registry, and not quay.io

Automatic GitHub Push:
  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
  -O, --github-org  ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}         Github org for your GitOps repository
  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
  -S , --github-ssh  ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}           Git ssh key path

Other Commands:
  -h, --help                                      Show this help message
EOM
  [[ -n "$1" ]] && exit 1 || exit 0
}

function gitops_suite_noninteractive() {
  # Set defaults
  GITOPS_WORKING_DIR=$PWD/working-dir
  SECRETS_KEY_SEPERATOR="/"

  GIT_COMMIT_MSG="gitops-suite commit"

  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}

  export SLS_INSTALL_PLAN=${SLS_INSTALL_PLAN:-"Automatic"}
  export MAS_INSTALL_PLAN=${MAS_INSTALL_PLAN:-"Automatic"}

  # Target the local (to ArgoCD) cluster
  export CLUSTER_URL=${CLUSTER_URL:-"https://kubernetes.default.svc"}

  # Disable manual certificate management by default
  export MAS_MANUAL_CERT_MGMT=${MAS_MANUAL_CERT_MGMT:-"false"}

  # Target IBM Container Registry by default
  export ICR_CP=${ICR_CP:-"cp.icr.io/cp"}
  export ICR_CP_OPEN=${ICR_CP_OPEN:-"icr.io/cpopen"}

  # cert-manager namespace, in case redhat default value is cert-manager
  export CERT_MANAGER_NAMESPACE=${CERT_MANAGER_NAMESPACE:-"cert-manager"}

  #GenericAddon default
  export EXTENSIONS=${EXTENSIONS:-"false"}
  export ADDITIONAL_VPN=${ADDITIONAL_VPN:-"false"}
  export ENHANCED_DR=${ENHANCED_DR:-"false"}


  if [ ! -z "$STANDALONE_SLS_SERVICE" ]; then
      CLEAN_PATH=$(echo "$STANDALONE_SLS_SERVICE" | sed 's#<ref:##; s#>##')
      IFS='/' read -r -a PARTS <<< "$CLEAN_PATH"
      if [ ${#PARTS[@]} -lt 6 ]; then
          echo "Error: Invalid SLS service parameter file Path $STANDALONE_SLS_SERVICE format." >&2
          exit 1
      fi
      ICN="${PARTS[3]}"
      SAAS_SUB_ID="${PARTS[4]}"
  fi
   
  export ICN=${ICN:-""}
  export SAAS_SUB_ID=${SAAS_SUB_ID:-""}


  while [[ $# -gt 0 ]]
  do
    key="$1"
    shift
    case $key in
      # GitOps Configuration
      -d|--dir)
        export GITOPS_WORKING_DIR=$1 && shift
        ;;
      -a|--account-id)
        export ACCOUNT_ID=$1 && shift
        ;;
      -c|--cluster-id)
        export CLUSTER_ID=$1 && shift
        ;;
      -m|--mas-instance-id)
        export MAS_INSTANCE_ID=$1 && shift
        ;;
      --custom-labels)
        export CUSTOM_LABELS=$1 && shift
        ;;

      # AWS Secrets Manager Configuration
      --sm-aws-secret-region)
        export SM_AWS_REGION=$1
        export REGION_ID=$1
        shift
        ;;
      --sm-aws-access-key)
        export SM_AWS_ACCESS_KEY_ID=$1 && shift
        ;;
      --sm-aws-secret-key)
        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
        ;;
      --secrets-path)
        export SECRETS_PATH=$1 && shift
        ;;

      # cert manager
      --cert-manager-namespace)
        export CERT_MANAGER_NAMESPACE=$1 && shift
        ;;

      # MongoDb Provider Selection
      --mongo-provider)
        export MONGODB_PROVIDER=$1 && shift
        ;;

      # SLS
      --sls-channel)
        export SLS_CHANNEL=$1 && shift
        ;;
      --sls-install-plan)
        export SLS_INSTALL_PLAN=$1 && shift
        ;;

      # Standalone Server configuration
      -s|--sls-service)
        export STANDALONE_SLS_SERVICE=$1 && shift
        ;;

      # MAS
      --mas-annotations)
        export MAS_ANNOTATIONS=$1 && shift
        ;;
      --mas-channel)
        export MAS_CHANNEL=$1 && shift
        ;;
      --mas-install-plan)
        export MAS_INSTALL_PLAN=$1 && shift
        ;;
      --mas-domain)
        export MAS_DOMAIN=$1 && shift
        ;;
      --mas-image-tags)
        export MAS_IMAGE_TAGS=$1 && shift
        ;;
      --mas-labels)
        export MAS_LABELS=$1 && shift
        ;;
      --mas-manual-cert-mgmt)
        export MAS_MANUAL_CERT_MGMT=$1 && shift
        ;;

      --mas-manual-certs-yaml)
        export MAS_MANUAL_CERTS_YAML=$1 && shift
        ;;
      --mas-pod-template-yaml)
        export MAS_POD_TEMPLATE_YAML=$1 && shift
        ;;

      --mas-wipe-mongo-data)
        export MAS_WIPE_MONGO_DATA=$1 && shift
        ;;
      --suite-spec-additional-properties-yaml)
        export SUITE_SPEC_ADDITIONAL_PROPERTIES_YAML=$1 && shift
        ;;
      --suite-spec-settings-additional-properties-yaml)
        export SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES_YAML=$1 && shift
        ;;

      # Addons
      --allow-list)
        export ALLOW_LIST=$1 && shift
        ;;
      --additional-vpn)
        export ADDITIONAL_VPN=$1 && shift
        ;;
      --extensions)
        export EXTENSIONS=$1 && shift
        ;;
      --enhanced-dr)
        export ENHANCED_DR=$1 && shift
        ;;
      --is-non-shared-cluster)
        export IS_NON_SHARED_CLUSTER=$1 && shift
        ;;

      # Target Cluster (Optional)
      --cluster-url)
        export CLUSTER_URL=$1 && shift
        ;;

      # DNS 
      --dns-provider)
        export DNS_PROVIDER=$1 && shift
        ;;

      --mas-workspace-id)
        export MAS_WORKSPACE_ID=$1 && shift
        ;;

      --mas-config-dir)
        export MAS_CONFIG_DIR=$1 && shift
        ;;

      --cis-email)
        export CIS_EMAIL=$1 && shift
        ;;

      --cis-crn)
        export CIS_CRN=$1 && shift
        ;;

      --cis-apikey)
        export CIS_APIKEY=$1 && shift
        ;;

      --cis-subdomain)
        export CIS_SUBDOMAIN=$1 && shift
        ;;

      --cis-mas-domain)
        export CIS_MAS_DOMAIN=$1 && shift
        ;;

      --ocp-cluster-domain)
        export OCP_CLUSTER_DOMAIN=$1 && shift
        ;;

      --cis-enhanced-security)
        export CIS_ENHANCED_SECURITY=$1 && shift
        ;;

      --cis-waf)
        export CIS_WAF=$1 && shift
        ;;

      --cis-proxy)
        export CIS_PROXY=$1 && shift
        ;;

      --cis-service-name)
        export CIS_SERVICE_NAME=$1 && shift
        ;;

      --update-dns-entries)
        export UPDATE_DNS_ENTRIES=$1 && shift
        ;;

      --delete-wildcards)
        export DELETE_WILDCARDS=$1 && shift
        ;;

      --override-edge-certs)
        export OVERRIDE_EDGE_CERTS=$1 && shift
        ;;

      --oidc-config)
        export OIDC_CONFIG=$1 && shift
        ;;

      # MAS CLI
      --mas-cli-image-repo)
        export MAS_CLI_IMAGE_REPO=$1 && shift
        ;;

      # Automatic GitHub Push
      -P|--github-push)
        export GITHUB_PUSH=true
        ;;
      -H|--github-host)
        export GITHUB_HOST=$1 && shift
        ;;
      -O|--github-org)
        export GITHUB_ORG=$1 && shift
        ;;
      -R|--github-repo)
        export GITHUB_REPO=$1 && shift
        ;;
      -B|--git-branch)
        export GIT_BRANCH=$1 && shift
        ;;
      -M|--git-commit-msg)
        export GIT_COMMIT_MSG=$1 && shift
        ;;
      -S|--github-ssh)
        export GIT_SSH=$1 && shift
        ;;

      --internal-cert-authority)
        export INTERNAL_CERT_AUTHORITY=$1 && shift
        ;;

      --welcome-message)
        export WELCOME_MESSAGE=$1 && shift
        ;;

      # Other Commands
      -h|--help)
        gitops_suite_help
        ;;
      *)
        # unknown option
        gitops_suite_help "Usage Error: Unsupported option \"${key}\" "
        ;;
      esac
  done

  [[ -z "$ACCOUNT_ID" ]] && gitops_suite_help "ACCOUNT_ID is not set"
  [[ -z "$CLUSTER_ID" ]] && gitops_suite_help "CLUSTER_ID is not set"
  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_suite_help "REGION_ID or SM_AWS_REGION is not set"
  [[ -z "$CLUSTER_URL" ]] && gitops_suite_help "CLUSTER_URL is not set"
  [[ -z "$MONGODB_PROVIDER" ]] && gitops_suite_help "MONGODB_PROVIDER is not set"

  if [[ "${DNS_PROVIDER}" == "cis" ]]; then
    [[ -z "$MAS_INSTANCE_ID" ]] && gitops_suite_help "MAS_INSTANCE_ID is not set"
    [[ -z "$MAS_WORKSPACE_ID" ]] && gitops_suite_help "MAS_WORKSPACE_ID is not set"
    [[ -z "$CIS_MAS_DOMAIN" ]] && gitops_suite_help "CIS_MAS_DOMAIN is not set"
    [[ -z "$OCP_CLUSTER_DOMAIN" ]] && gitops_suite_help "OCP_CLUSTER_DOMAIN is not set"
    [[ -z "$CIS_EMAIL" ]] && gitops_suite_help "CIS_EMAIL is not set"
    [[ -z "$CIS_APIKEY" ]] && gitops_suite_help "CIS_APIKEY is not set"  
    [[ -z "$CIS_CRN" ]] && gitops_suite_help "CIS_CRN is not set"
  fi

  if [[ "$GITHUB_PUSH" == "true" ]]; then
    [[ -z "$GITHUB_HOST" ]] && gitops_suite_help "GITHUB_HOST is not set"
    [[ -z "$GITHUB_ORG" ]] && gitops_suite_help "GITHUB_ORG is not set"
    [[ -z "$GITHUB_REPO" ]] && gitops_suite_help "GITHUB_REPO is not set"
    [[ -z "$GIT_BRANCH" ]] && gitops_suite_help "GIT_BRANCH is not set"
  fi

  if [[ -n "${OIDC_CONFIG}" ]]; then

    # Validate any OIDC_CONFIG passed in
    export OIDC_CONFIG_YAML
    OIDC_CONFIG_YAML=$(echo $OIDC_CONFIG | yq -P) || gitops_suite_help "OIDC_CONFIG is not valid YAML"

    # Check configtool is the only top-level key
    # If we add more supported keys in future, add to the filter expression as such: filter(. != "configtool" and . != "otherkey")
    echo "${OIDC_CONFIG_YAML}" | yq eval  --exit-status=1 \
      'keys | filter(. != "configtool" ) |  length == 0' \
      1> /dev/null 2>&1 \
      || gitops_suite_help "OIDC_CONFIG is invalid; only the 'configtool' key is supported at the top-level"

    # If configtool is specified, check that "trusted_uri_prefixes" is the only child key
    # If we add more supported keys in future, add to the filter expression as such: filter(. != "trusted_uri_prefixes" and . != otherkey)
    echo "${OIDC_CONFIG_YAML}" | yq eval  --exit-status=1 \
      '(. | has("configtool")) == false or 
       (.configtool | keys | filter(. != "trusted_uri_prefixes") | length == 0)' \
      1> /dev/null 2>&1 \
      || gitops_suite_help "OIDC_CONFIG is invalid,; only the 'trusted_uri_properties' key is supported under 'configtool'"

    # if specified, .configtool.trusted_uri_prefixes must be an array
    echo "${OIDC_CONFIG_YAML}" | yq eval  --exit-status=1 \
      '(. | has("configtool")) == false or 
       (.configtool | has("trusted_uri_prefixes")) == false or 
       (.configtool.trusted_uri_prefixes | type == "!!seq")' \
      1> /dev/null 2>&1 \
      || gitops_suite_help "OIDC_CONFIG is invalid; if specified, the value of 'configtool.trusted_uri_properties' must be an array"

    # if specified, all elements of .configtool.trusted_uri_prefixes must be an array containing only strings
    echo "${OIDC_CONFIG_YAML}" | yq eval  --exit-status=1 \
      '(. | has("configtool")) == false or
       (.configtool | has("trusted_uri_prefixes")) == false or
       (.configtool.trusted_uri_prefixes | length == 0) or
       (.configtool.trusted_uri_prefixes.[] | type == "!!str") as $item ireduce (true; . and $item)' \
       1> /dev/null 2>&1 \
       || gitops_suite_help "OIDC_CONFIG is invalid; if specified, the value of 'configtool.trusted_uri_properties' must be an array containing only strings"

    # if no trusted_uri_prefixes field specified under configtool, set some defaults
    if $(echo "${OIDC_CONFIG_YAML}" | yq eval --exit-status=1 \
      '(. | has("configtool")) == true and
       (.configtool | has("trusted_uri_prefixes")) == false' \
       1> /dev/null 2>&1); then
      OIDC_CONFIG_YAML=$(echo "${OIDC_CONFIG_YAML}" | yq '.configtool.trusted_uri_prefixes = ["http://localhost:3000","http://localhost:3001","http://localhost:3006"]')
    fi

  fi

}

function gitops_suite() {
  # Take the first parameter off (it will be create-gitops)
  shift
  if [[ $# -gt 0 ]]; then
    gitops_suite_noninteractive "$@"
  else
    echo "Not supported yet"
    exit 1
    gitops_suite_interactive
  fi

  # catch errors
  set -o pipefail
  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR

  export DOMAIN=${MAS_DOMAIN}
  if [[ "${DNS_PROVIDER}" == "cis" ]]; then
    export CIS_ENHANCED_SECURITY=${CIS_ENHANCED_SECURITY:-"true"}
    export CIS_PROXY=${CIS_PROXY:-"false"}
    export OVERRIDE_EDGE_CERTS=${OVERRIDE_EDGE_CERTS:-"true"}

    export CIS_WAF=${CIS_WAF:-"true"}
    export UPDATE_DNS_ENTRIES=${UPDATE_DNS_ENTRIES:-"true"}
    export DELETE_WILDCARDS=${DELETE_WILDCARDS:-"true"}

    export DOMAIN=${CIS_MAS_DOMAIN}
  fi

  mkdir -p ${GITOPS_WORKING_DIR}
  GITOPS_INSTANCE_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}

  echo
  reset_colors
  echo_h2 "Review Settings"

  echo "${TEXT_DIM}"
  echo_h4 "Target" "    "
  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
  echo_reset_dim "Cluster URL .................... ${COLOR_MAGENTA}${CLUSTER_URL}"
  echo_reset_dim "MAS Instance ID ................ ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
  echo_reset_dim "Instance Config Directory ...... ${COLOR_MAGENTA}${GITOPS_INSTANCE_DIR}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h4 "AWS Secrets Manager" "    "
  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h4 "Mongo" "    "
  echo_reset_dim "Mongo Provider  ................ ${COLOR_MAGENTA}${MONGODB_PROVIDER}"
  echo_reset_dim "MAS_WIPE_MONGO_DATA ............ ${COLOR_MAGENTA}${MAS_WIPE_MONGO_DATA}"
  reset_colors

  echo "${TEXT_DIM}"
  echo_h4 "IBM Suite License Service" "    "
  echo_reset_dim "Subscription Channel ........... ${COLOR_MAGENTA}${SLS_CHANNEL}"
  echo_reset_dim "Subscription Install Plan ...... ${COLOR_MAGENTA}${SLS_INSTALL_PLAN}"
  echo_reset_dim "Ibm Customer Number  ........... ${COLOR_MAGENTA}${ICN}"
  echo_reset_dim "Subscription Id   .............. ${COLOR_MAGENTA}${SAAS_SUB_ID}"


  if [[ -n "$INTERNAL_CERT_AUTHORITY" ]]; then
    echo_reset_dim "Internal Certificate Authority ...... ${COLOR_MAGENTA}${INTERNAL_CERT_AUTHORITY}"
  fi
  reset_colors

  echo "${TEXT_DIM}"
  echo_h4 "IBM Maximo Application Suite" "    "
  echo_reset_dim "Subscription Channel ....................... ${COLOR_MAGENTA}${MAS_CHANNEL}"
  echo_reset_dim "Subscription Install Plan .................. ${COLOR_MAGENTA}${MAS_INSTALL_PLAN}"
  echo_reset_dim "MAS Domain ................................. ${COLOR_MAGENTA}${MAS_DOMAIN}"
  echo_reset_dim "Domain ..................................... ${COLOR_MAGENTA}${DOMAIN}"
  echo_reset_dim "Image Tags ................................. ${COLOR_MAGENTA}${MAS_IMAGE_TAGS}"
  echo_reset_dim "Annotations ................................ ${COLOR_MAGENTA}${MAS_ANNOTATIONS}"
  echo_reset_dim "Labels ..................................... ${COLOR_MAGENTA}${MAS_LABELS}"
  echo_reset_dim "MAS Manual Cert Mgt ........................ ${COLOR_MAGENTA}${MAS_MANUAL_CERT_MGMT}"
  echo_reset_dim "MAS MANUAL CERTS YAML ...................... ${COLOR_MAGENTA}${MAS_MANUAL_CERTS_YAML}"
  echo_reset_dim "Cert Manager Namespace ..................... ${COLOR_MAGENTA}${CERT_MANAGER_NAMESPACE}"
  echo_reset_dim "DNS Provider ............................... ${COLOR_MAGENTA}${DNS_PROVIDER}"
  echo_reset_dim "Pod Template YAML File  .................... ${COLOR_MAGENTA}${MAS_POD_TEMPLATE_YAML}"
  echo_reset_dim "OIDC Config ................................ ${COLOR_MAGENTA}${OIDC_CONFIG}"
  echo_reset_dim "Allow List ................................. ${COLOR_MAGENTA}${ALLOW_LIST}"
  echo_reset_dim "Additional VPN ............................. ${COLOR_MAGENTA}${ADDITIONAL_VPN}"
  echo_reset_dim "Enhanced Disaster Recovery ................. ${COLOR_MAGENTA}${ENHANCED_DR}"
  echo_reset_dim "Non shared cluster ......................... ${COLOR_MAGENTA}${IS_NON_SHARED_CLUSTER}"
  echo_reset_dim "Java or 3rd Party Code Extensions .......... ${COLOR_MAGENTA}${EXTENSIONS}"
  echo_reset_dim "Suite Spec Additional Properties ........... ${COLOR_MAGENTA}${SUITE_SPEC_ADDITIONAL_PROPERTIES_YAML}"
  echo_reset_dim "Suite Spec Settings Additional Properties .. ${COLOR_MAGENTA}${SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES_YAML}"
  if [[ -n "$INTERNAL_CERT_AUTHORITY" ]]; then
    echo_reset_dim "Internal Certificate Authority ............. ${COLOR_MAGENTA}${INTERNAL_CERT_AUTHORITY}"
  fi
  echo_reset_dim "Default welcome message .................... ${COLOR_MAGENTA}${WELCOME_MESSAGE}"
  reset_colors

  if [[ -n "$DNS_PROVIDER" ]]; then
    echo "${TEXT_DIM}"
    echo_h4 "Suite DNS" "    "
    echo_reset_dim "MAS Workspace ID ............... ${COLOR_MAGENTA}${MAS_WORKSPACE_ID}"
    echo_reset_dim "MAS CONFIG DIR ................. ${COLOR_MAGENTA}${MAS_CONFIG_DIR}"
    echo_reset_dim "CIS Email ...................... ${COLOR_MAGENTA}${CIS_EMAIL}"
    echo_reset_dim "CIS CRN ........................ ${COLOR_MAGENTA}${CIS_CRN}"
    echo_reset_dim "IBM CLOUD APIKEY ............... ${COLOR_MAGENTA}${CIS_APIKEY:0:4}<snip>"
    echo_reset_dim "CIS subdomain .................. ${COLOR_MAGENTA}${CIS_SUBDOMAIN}"
    echo_reset_dim "CIS MAS Domain ................. ${COLOR_MAGENTA}${CIS_MAS_DOMAIN}"
    echo_reset_dim "Open Shift Cluster Domain ...... ${COLOR_MAGENTA}${OCP_CLUSTER_DOMAIN}"
    echo_reset_dim "Domain ......................... ${COLOR_MAGENTA}${DOMAIN}"
    echo_reset_dim "CIS enhanced security Flag...... ${COLOR_MAGENTA}${CIS_ENHANCED_SECURITY}"
    echo_reset_dim "CIS WAF ........................ ${COLOR_MAGENTA}${CIS_WAF}"
    echo_reset_dim "CIS proxy ...................... ${COLOR_MAGENTA}${CIS_PROXY}"
    echo_reset_dim "CIS service name ............... ${COLOR_MAGENTA}${CIS_SERVICE_NAME}"
    echo_reset_dim "Update DNS entries Flag ........ ${COLOR_MAGENTA}${UPDATE_DNS_ENTRIES}"
    echo_reset_dim "DELETE_WILDCARDS Flag .......... ${COLOR_MAGENTA}${DELETE_WILDCARDS}"
    echo_reset_dim "OVERRIDE_EDGE_CERTS Flag ....... ${COLOR_MAGENTA}${OVERRIDE_EDGE_CERTS}"
    reset_colors
  fi

  echo "${TEXT_DIM}"
  if [[ "$GITHUB_PUSH" == "true" ]]; then
    echo_h4 "GitOps Target" "    "
    echo_reset_dim "Automatic Push ................. ${COLOR_GREEN}Enabled"
    echo_reset_dim "Working Directory .............. ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
    echo_reset_dim "Host ........................... ${COLOR_MAGENTA}${GITHUB_HOST}"
    echo_reset_dim "Organization ................... ${COLOR_MAGENTA}${GITHUB_ORG}"
    echo_reset_dim "Repository ..................... ${COLOR_MAGENTA}${GITHUB_REPO}"
    echo_reset_dim "Branch ......................... ${COLOR_MAGENTA}${GIT_BRANCH}"
  else
    echo_h4 "GitOps Target" "    "
    echo_reset_dim "Automatic Push ................. ${COLOR_RED}Disabled"
    echo_reset_dim "Working Directory .............. ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
  fi
  reset_colors

  if [[ -n "$MAS_CLI_IMAGE_REPO" ]]; then
    echo "${TEXT_DIM}"
    echo_h2 "MAS CLI Image" "    "
    echo_reset_dim "MAS CLI Image repo ........... ${COLOR_MAGENTA}${MAS_CLI_IMAGE_REPO}"
    reset_colors
  fi

  # Set up Suite secrets
  # ---------------------------------------------------------------------------
  echo
  echo_h2 "Configuring Suite secrets"
  AVP_TYPE=aws
  sm_login


  # Define cluster-level secrets used
  # ---------------------------------------------------------------------------
  # Note that this cluster-level secret is set up by gitops-cluster
  export SECRET_KEY_IBM_ENTITLEMENT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#image_pull_secret_b64
  
  export SECRET_NAME_AWS_ACCESS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}aws
  export SECRET_KEY_AWS_ACCESS_KEY_ID=${SECRET_NAME_AWS_ACCESS}#sm_aws_access_key_id
  export SECRET_KEY_AWS_SECRET_ACCESS_KEY=${SECRET_NAME_AWS_ACCESS}#sm_aws_secret_access_key
  # The AWS secret is established by the gitops_cluster step

  # Get the cluster-level secrets used
  # ---------------------------------------------------------------------------
  # Note that this cluster-level secret is set up by gitops-mongo
  export SECRET_NAME_MASTER_MONGO=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mongo
  export SECRET_NAME_CIS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}cis

  export SECRET_KEY_DOCDB_HOST=${SECRET_NAME_MASTER_MONGO}#docdb_host
  export SECRET_KEY_DOCDB_PORT=${SECRET_NAME_MASTER_MONGO}#docdb_port
  export SECRET_KEY_DOCDB_MASTER_USERNAME=${SECRET_NAME_MASTER_MONGO}#username
  export SECRET_KEY_DOCDB_MASTER_PASSWORD=${SECRET_NAME_MASTER_MONGO}#password
  export SECRET_KEY_DOCDB_MASTER_INFO=${SECRET_NAME_MASTER_MONGO}#info

  export SECRET_KEY_IBM_APIKEY=${SECRET_NAME_CIS}#ibm_apikey

  CURRENT_DIR=$PWD
  TEMP_DIR=$CURRENT_DIR/tmp-suite
  rm -rf TEMP_DIR
  mkdir -p $TEMP_DIR

  if [[ "${DNS_PROVIDER}" == "cis" ]]; then
    export CIS_SECRET_FILE=$TEMP_DIR/cis-secret.json
    sm_verify_secret_exists ${SECRET_NAME_CIS} "ibm_apikey"
    sm_get_secret_file ${SECRET_NAME_CIS} ${CIS_SECRET_FILE}
    IBM_APIKEY_VALUE=$(jq -r .ibm_apikey $CIS_SECRET_FILE)
    echo "IBM_APIKEY_VALUE ${IBM_APIKEY_VALUE:0:4}<snip>"

    if [ -z "${IBM_APIKEY_VALUE}" ] ; then
      echo "Missing ibm_apikey AWS Secret $SECRET_NAME_CIS, make sure ibm_apikey is added to AWS scret in the path $SECRET_NAME_CIS"
      exit 1
    fi
  fi
  
  # by default yaml. pass aws, in case if configuring with DocDB
  export MONGODB_PROVIDER=${MONGODB_PROVIDER:-"yaml"}

  export MONGO_SECRET_FILE=$TEMP_DIR/mongo-secret.json
  export MONGO_CONFIG_FILE=$TEMP_DIR/mongo-info.yaml

  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mongo "username,password,info"
  sm_get_secret_file ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mongo $MONGO_SECRET_FILE

  jq -r .info $MONGO_SECRET_FILE > $MONGO_CONFIG_FILE
  MASTER_MONGO_USERNAME=$(jq -r .username $MONGO_SECRET_FILE)
  MASTER_MONGO_PASSWORD=$(jq -r .password $MONGO_SECRET_FILE)
  UNESCAPED_MONGO_INFO=$(jq -r .info $MONGO_SECRET_FILE)


  # Instance-level secrets to use
  # ---------------------------------------------------------------------------
  # Note that these instance-level secrets are set up by gitops-license
  export SECRET_KEY_LICENSE_FILE=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}license#license_file

  # Instance-level secrets to create
  # ---------------------------------------------------------------------------
  export SECRET_NAME_MONGO=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}mongo
  export SECRET_KEY_MONGO_USERNAME=${SECRET_NAME_MONGO}#username
  export SECRET_KEY_MONGO_PASSWORD=${SECRET_NAME_MONGO}#password
  export SECRET_KEY_MONGO_INFO=${SECRET_NAME_MONGO}#info

  
  export MONGO_INSTANCE_SECRET_FILE=$TEMP_DIR/mongo-instance-secret.json
  sm_get_secret_file ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}mongo $MONGO_INSTANCE_SECRET_FILE
  INSTANCE_MONGO_USERNAME=$(jq -r .username $MONGO_INSTANCE_SECRET_FILE)
  INSTANCE_MONGO_PASSWORD=$(jq -r .password $MONGO_INSTANCE_SECRET_FILE)

  # Setting mongo instance secret with info field copied from the cluster level secret, 
  # Instance username and password will be created in presync hook unless it is already set in the docdb secret created in federal env, this is due to the
  # presync hook not running in a federal env due to the userid requirements.
  export DOCDB_FEDERAL_INSTANCE_SECRET_FILE=$TEMP_DIR/docdb-federal-instance-secret.json
  sm_get_secret_file ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}docdb $DOCDB_FEDERAL_INSTANCE_SECRET_FILE
  DOCDB_FEDERAL_ACCESS_KEY=$(jq -r .access_key_id $DOCDB_FEDERAL_INSTANCE_SECRET_FILE)
  if [[ -n ${DOCDB_FEDERAL_ACCESS_KEY} ]]; then
    INSTANCE_MONGO_USERNAME=$(jq -r .access_key_id $DOCDB_FEDERAL_INSTANCE_SECRET_FILE)
    INSTANCE_MONGO_PASSWORD=$(jq -r .secret_access_key $DOCDB_FEDERAL_INSTANCE_SECRET_FILE)
    echo "gitops_suite : DOCDB_FEDERAL_ACCESS_KEY=${DOCDB_FEDERAL_ACCESS_KEY:0:8}<snip> is available in the docdb secret"
    export DOCDB_AUTHMECHANISM="MONGODB-AWS"
    export DOCDB_CONFIGDB='$$external'
  fi

  ESCAPED_INFO=${UNESCAPED_MONGO_INFO//\"/\\\"}
  ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_suite\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
  sm_update_secret $SECRET_NAME_MONGO "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$INSTANCE_MONGO_USERNAME\", \"password\": \"$INSTANCE_MONGO_PASSWORD\"}" "${TAGS}"
  

  if [ -z $GIT_SSH ]; then
    export GIT_SSH="false"
  fi


  # Set and Validate App Names
  # ---------------------------------------------------------------------------
  CLUSTER_ROOT_APP="cluster.${CLUSTER_ID}"
  INSTANCE_ROOT_APP="instance.${CLUSTER_ID}.${MAS_INSTANCE_ID}"
  SUITE_APP_NAME="suite.${CLUSTER_ID}.${MAS_INSTANCE_ID}"
  SLS_APP_NAME="sls.${CLUSTER_ID}.${MAS_INSTANCE_ID}"

  validate_app_name "${CLUSTER_ROOT_APP}"
  validate_app_name "${INSTANCE_ROOT_APP}"
  validate_app_name "${SUITE_APP_NAME}"
  validate_app_name "${SLS_APP_NAME}"


  # Clone github target repo
  # ---------------------------------------------------------------------------
  if [ "$GITHUB_PUSH" == "true" ]; then
    echo
    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
  fi
  mkdir -p ${GITOPS_INSTANCE_DIR}

  # Set certs only if manual cert is True (to create k8s secret in gitops)
  # ---------------------------------------------------------------------------
  
  if [ "${MAS_MANUAL_CERT_MGMT}" == "true" ] ; then
    if [[ -n "$MAS_MANUAL_CERTS_YAML" && -s "$MAS_MANUAL_CERTS_YAML" ]]; then
      echo
      echo_h2 "Read manual cert files for core from file ${MAS_MANUAL_CERTS_YAML}, and set to gitops template"

      export MANUAL_CERTS=$(yq eval '.manual_certs' ${MAS_MANUAL_CERTS_YAML})
      export TLS_CERT=$(yq eval '.manual_certs.core_tls_crt' ${MAS_MANUAL_CERTS_YAML})
      export TLS_KEY=$(yq eval  '.manual_certs.core_tls_key' ${MAS_MANUAL_CERTS_YAML})
      export CA_CERT=$(yq eval  '.manual_certs.core_ca_crt'  ${MAS_MANUAL_CERTS_YAML})

      echo -e "\n - MANUAL_CERTS CONTENT .................. ${MANUAL_CERTS}"
      echo -e "\n - TLS_CERT CONTENT ...................... ${TLS_CERT}"
      echo -e "\n - TLS_KEY CONTENT ....................... ${TLS_KEY}"
      echo -e "\n - CA_CERT CONTENT ....................... ${CA_CERT}"

    fi
  fi
  # Set pod template yaml
  # ---------------------------------------------------------------------------
  if [[ -n "$MAS_POD_TEMPLATE_YAML" && -s "$MAS_POD_TEMPLATE_YAML" ]]; then
    export MAS_POD_TEMPLATE=$(yq eval '.podTemplates' ${MAS_POD_TEMPLATE_YAML})
    echo -e "\n - MAS_POD_TEMPLATE CONTENT .................. ${MAS_POD_TEMPLATE}"
  fi

  # Set Suite Spec additional properties
  # ---------------------------------------------------------------------------
  echo_h2 "Generating Suite Spec additional properties"
  if [[ -n "$SUITE_SPEC_ADDITIONAL_PROPERTIES_YAML" && -s "$SUITE_SPEC_ADDITIONAL_PROPERTIES_YAML" ]]; then
    export SUITE_SPEC_ADDITIONAL_PROPERTIES=$(yq eval ${SUITE_SPEC_ADDITIONAL_PROPERTIES_YAML})
    echo -e "\n - SUITE_SPEC_ADDITIONAL_PROPERTIES CONTENT ............... ${SUITE_SPEC_ADDITIONAL_PROPERTIES}"
  fi
  echo_h2 "Generating Suite Spec Settings additional properties"
  if [[ -n "$SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES_YAML" && -s "$SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES_YAML" ]]; then
    export SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES=$(yq eval ${SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES_YAML})
    echo -e "\n - SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES CONTENT ............... ${SUITE_SPEC_SETTINGS_ADDITIONAL_PROPERTIES}"
  fi

  # Set internal certificate authority
  # ---------------------------------------------------------------------------
  if [[ -n "$INTERNAL_CERT_AUTHORITY" ]]; then
    export INTERNAL_CERTIFICATE_AUTHORITY=${INTERNAL_CERT_AUTHORITY}
    echo -e "\n - INTERNAL_CERTIFICATE_AUTHORITY .................. ${INTERNAL_CERTIFICATE_AUTHORITY}"
  fi

  # Generate ArgoApps
  # ---------------------------------------------------------------------------
  echo
  echo_h2 "Generating Argo Project and Applications"

  echo "- Base Config"
  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 ${GITOPS_INSTANCE_DIR}/ibm-mas-instance-base.yaml

  echo "- IBM Suite License Service"
  jinjanate --quiet --undefined --import-env='' $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-sls.yaml.j2 $MONGO_CONFIG_FILE -o ${GITOPS_INSTANCE_DIR}/ibm-sls.yaml

  echo "- IBM Maximo Application Suite Core Platform"
  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-suite.yaml.j2 ${GITOPS_INSTANCE_DIR}/ibm-mas-suite.yaml


  # Commit and push to github target repo
  # ---------------------------------------------------------------------------
  if [ "$GITHUB_PUSH" == "true" ]; then

    echo
    echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
    save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
    remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
  fi

  rm -rf $TEMP_DIR

}
