apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-snapshot-script
  namespace: vault
  labels:
    app.kubernetes.io/name: vault-snapshot-script
    app.kubernetes.io/instance: vault
    app.kubernetes.io/part-of: vault
data:
  snapshot.sh: |
    MAX_RETRIES=5
    SUCCESS=false

    for ((i=1; i<=$MAX_RETRIES; i++)); do
        if apk update --short &> /dev/null; then
            echo ">> Attempt $i: Repositories are reachable";
            SUCCESS=true;
            break;
        else
            echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
            sleep 5;
        fi;
    done;

    if [ "$SUCCESS" = false ]; then
        echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
        exit 1;
    fi

    if ! command -v jq 2>&1 >/dev/null;
    then
        echo "jq could not be found, installing";
        apk add --no-cache jq;
        if [ $? -eq 0 ]; then
            echo ">> Installation successful";
        else
            echo ">> Installation failed with exit code $?";
            exit 1;
        fi;
    fi;

    echo " ";
    echo ">> Fetching Vault token";
    export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token);

    echo " ";
    echo ">> Taking Vault snapsot ...";
    vault operator raft snapshot save /opt/backup/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap

    echo " ";
    echo ">> Completed Vault snapshot";