#!/bin/bash
set -e

CERT_DIR=/var/lib/postgresql/ssl
mkdir -p ${CERT_DIR}

# get the latest bigbang.dev cert
wget -q -O /tmp/ingress-certs.yaml https://repo1.dso.mil/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml
# extract private key
cat /tmp/ingress-certs.yaml | awk '/-----BEGIN PRIVATE KEY-----/{p=1} p; /-----END PRIVATE KEY-----/{exit}' | awk '{ sub(/^[ \t]+/, ""); print }' > ${CERT_DIR}/server.key
# extract certs
cat /tmp/ingress-certs.yaml | awk '/-----BEGIN CERTIFICATE-----/{p=1} p; /-----END CERTIFICATE-----^\s*$/{exit}' | awk '{ sub(/^[ \t]+/, ""); print }' > ${CERT_DIR}/server.crt

# cert permissions for postgres checks
chown postgres:postgres ${CERT_DIR}/*
chmod 0600 ${CERT_DIR}/*

# call original entrypoint in the postgres image
/usr/local/bin/docker-entrypoint.sh "$@"