#!/usr/bin/bash

if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
  echo "This script is intended to be run, not sourced." >&2
  return 1
fi

set -e

read -srp "Enter the new Discovery server password: " dsc_pass
echo
read -srp "Re-enter the password: " dsc_pass2
echo
if [ ! "${dsc_pass}" = "${dsc_pass2}" ]; then
  echo "Passwords do not match." 1>&2
  exit 1
fi
[[ ${#dsc_pass} -lt 10 ]] && echo "Password must be at least 10 characters long." 1>&2 && exit 1
! [[ "${dsc_pass}" =~ [a-zA-Z] ]] && echo "Password must contain at least one alpha character." 1>&2 && exit 1
for bad_pass in "dscpassw0rd" "qpcpassw0rd"; do
  [[ "${dsc_pass}" == "${bad_pass}" ]] && echo "Password cannot be ${bad_pass}" 1>&2 && exit 1
done
podman secret rm discovery-server-password >/dev/null 2>&1 || true
printf '%s' "${dsc_pass}" | podman secret create discovery-server-password -
podman secret ls --filter name=discovery-server-password
