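#!/usr/bin/env bash
#
# Create an Azure Trusted Launch or Confidential VM, either by attaching an
# existing managed OS disk (-d) or from a gallery image version (-g).
#
# Options:
#   -n, --name NAME        VM name (sets AZURE_VM_NAME)
#   -g, --gallery          create the VM from a gallery image version
#   -d, --disk             create the VM by attaching an existing OS disk
#   --secure-boot VALUE    passed to `az vm create --enable-secure-boot`
#   --disk-name NAME       OS disk to attach (sets AZURE_DISK_NAME)
#
# Environment (may also be provided by the file named in CONFIG_FILE):
#   AZURE_RESOURCE_GROUP_NAME, AZURE_REGION, AZURE_SECURITY_TYPE,
#   AZURE_SECURE_BOOT, and per mode either AZURE_DISK_NAME or
#   AZURE_IMAGE_DEFINITION / AZURE_IMAGE_VERSION / AZURE_GALLERY_NAME.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort with a clear message when an option that takes a value is the last
# word on the command line (otherwise "$2" trips `set -u` with a cryptic error).
require_value() {
  [[ $# -ge 2 ]] || die "Option $1 requires a value"
}

# Load settings from CONFIG_FILE when it is set and names a regular file.
# The test must be -n (non-empty): the previous -z/-f combination could never
# be true, so the config file was silently never loaded.
# SECURITY: sourcing executes the file as shell code under the caller's Azure
# CLI session. CONFIG_FILE must only name a file the operator controls and
# that is not writable by other users.
if [[ -n "${CONFIG_FILE-}" ]]; then
  if [[ -f "${CONFIG_FILE}" ]]; then
    # shellcheck source=/dev/null
    . "${CONFIG_FILE}"
  else
    printf 'Warning: CONFIG_FILE %s is not a regular file; ignoring\n' \
      "${CONFIG_FILE}" >&2
  fi
fi

POSITIONAL_ARGS=()

while [[ $# -gt 0 ]]; do
  case "$1" in
    -n|--name)
      require_value "$@"
      AZURE_VM_NAME="$2"
      shift 2 # past argument and value
      ;;
    -g|--gallery)
      CREATE_FROM_GALLERY=YES
      shift # past argument
      ;;
    -d|--disk)
      CREATE_FROM_GALLERY=NO
      shift # past argument
      ;;
    --secure-boot)
      require_value "$@"
      AZURE_SECURE_BOOT="$2"
      shift 2 # past argument and value
      ;;
    --disk-name)
      require_value "$@"
      AZURE_DISK_NAME="$2"
      shift 2 # past argument and value
      ;;
    -*)
      die "Unknown option $1"
      ;;
    *)
      POSITIONAL_ARGS+=("$1") # save positional arg
      shift # past argument
      ;;
  esac
done

# Restore positional parameters. The ${arr[@]+...} form keeps an empty array
# from raising "unbound variable" under `set -u` on bash older than 4.4.
set -- ${POSITIONAL_ARGS[@]+"${POSITIONAL_ARGS[@]}"}

# Fail early, with a readable message, on settings every code path needs.
: "${AZURE_VM_NAME:?AZURE_VM_NAME is not set (use -n/--name)}"
: "${AZURE_RESOURCE_GROUP_NAME:?AZURE_RESOURCE_GROUP_NAME is not set}"
: "${AZURE_REGION:?AZURE_REGION is not set}"
: "${AZURE_SECURITY_TYPE:?AZURE_SECURITY_TYPE is not set}"
# NOTE(review): secure boot is caller-controlled here; a value of "false"
# creates the VM with vTPM enabled but without secure boot enforcement.
: "${AZURE_SECURE_BOOT:?AZURE_SECURE_BOOT is not set (use --secure-boot)}"
: "${CREATE_FROM_GALLERY?CREATE_FROM_GALLERY is not set (use -g/--gallery or -d/--disk)}"

# The VM size follows from the requested security type.
case "${AZURE_SECURITY_TYPE}" in
  ConfidentialVM)
    VMSIZE="Standard_DC2as_v5"
    ;;
  TrustedLaunch)
    VMSIZE="standard_D2as_v5"
    ;;
  *)
    die "Unknown security type: ${AZURE_SECURITY_TYPE}"
    ;;
esac

# Run `az vm create` with the settings shared by both creation modes.
# Arguments: extra `az vm create` arguments selecting the OS disk or image.
#
# Security-relevant settings, as passed below:
#   --public-ip-sku Standard   the VM is given a public IP address.
#       NOTE(review): confirm the network security group limits inbound access.
#   --os-disk-security-encryption-type VMGuestStateOnly
#       only the VM guest state is confidentially encrypted, not the OS disk
#       contents. NOTE(review): confirm this is intended for ConfidentialVM and
#       that the CLI accepts the flag for TrustedLaunch.
#   --boot-diagnostics-storage ""   no storage account is attached at creation;
#       boot diagnostics are enabled separately at the end of the script.
az_vm_create() {
  az vm create --name "${AZURE_VM_NAME}" \
    --resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
    -l "${AZURE_REGION}" \
    --size "${VMSIZE}" \
    --public-ip-sku Standard \
    --security-type "${AZURE_SECURITY_TYPE}" \
    --os-disk-security-encryption-type VMGuestStateOnly \
    --enable-vtpm true \
    --enable-secure-boot "${AZURE_SECURE_BOOT}" \
    --boot-diagnostics-storage "" \
    --no-wait \
    "$@"
}

# Create the VM by attaching the existing managed disk AZURE_DISK_NAME.
create_vm_from_disk () {
  : "${AZURE_DISK_NAME:?AZURE_DISK_NAME is not set (use --disk-name)}"

  AZURE_DISK_REFERENCE=$(az disk show \
    --resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
    --name "${AZURE_DISK_NAME}" \
    --query id -o tsv)
  [[ -n "${AZURE_DISK_REFERENCE}" ]] \
    || die "Could not resolve disk ${AZURE_DISK_NAME}"

  az_vm_create \
    --os-type Linux \
    --attach-os-disk "${AZURE_DISK_REFERENCE}"
}

# Create the VM from a gallery image version.
create_vm_from_sig () {
  : "${AZURE_IMAGE_DEFINITION:?AZURE_IMAGE_DEFINITION is not set}"
  : "${AZURE_IMAGE_VERSION:?AZURE_IMAGE_VERSION is not set}"
  : "${AZURE_GALLERY_NAME:?AZURE_GALLERY_NAME is not set}"

  AZURE_IMAGE_REFERENCE=$(az sig image-version show \
    --gallery-image-definition "${AZURE_IMAGE_DEFINITION}" \
    --gallery-image-version "${AZURE_IMAGE_VERSION}" \
    --gallery-name "${AZURE_GALLERY_NAME}" \
    -g "${AZURE_RESOURCE_GROUP_NAME}" \
    --query id -o tsv)
  [[ -n "${AZURE_IMAGE_REFERENCE}" ]] \
    || die "Could not resolve image version ${AZURE_IMAGE_VERSION}"

  az_vm_create \
    --image "${AZURE_IMAGE_REFERENCE}"
}

if [[ "${CREATE_FROM_GALLERY}" == "YES" ]]; then
  create_vm_from_sig
else
  create_vm_from_disk
fi

# `az vm create --no-wait` returns before the VM resource exists, so give the
# deployment time to register it before touching boot diagnostics.
# NOTE(review): a fixed sleep is a race; polling with `az vm wait --created`
# would be deterministic.
sleep 30

az vm boot-diagnostics enable \
  --name "${AZURE_VM_NAME}" \
  --resource-group "${AZURE_RESOURCE_GROUP_NAME}"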