apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-backup-script
  namespace: vault
  labels:
    app.kubernetes.io/name: vault-backup-script
    app.kubernetes.io/instance: vault
    app.kubernetes.io/part-of: vault
data:
  backup.sh: |
    echo " ";
    echo ">> Running S3 backup for Vault snapshot";
    OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
    STATUS=$?

    echo " ";
    if [ $STATUS -ne 0 ]; then
        if echo "$OUTPUT" | grep -q "403 Forbidden"; then
            MESSAGE="403 Authentication Error: Your keys are wrong or you don't have permission"
        elif echo "$OUTPUT" | grep -q "404 Not Found"; then
            MESSAGE="404 Error: The bucket or folder does not exist"
        elif echo "$OUTPUT" | grep -q "Connection refused"; then
            MESSAGE="Network Error: Cannot reach the S3 endpoint"
        else
            MESSAGE="Unknown Error: $OUTPUT"
            echo ">> Unknown Error, output:"
            echo " "
            echo "$OUTPUT"
            echo " "
        fi

        echo ">> Message: $MESSAGE"

        echo ">> Sending to NTFY ..."
        curl \
            -H "Authorization: Bearer ${NTFY_TOKEN}" \
            -H "X-Priority: 5" \
            -H "X-Tags: warning" \
            -H "X-Title: Vault Backup Failed for ${TARGET}" \
            -d "$MESSAGE" \
            ${NTFY_ENDPOINT}/${NTFY_TOPIC}
    else
        echo ">> S3 Sync succeeded"
    fi