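#!/bin/bash
#
# Refresh one profile in ~/.aws/credentials with the temporary credentials
# printed by `aws-sso-creds export`.
#
# Usage:   <this-script> PROFILE_NAME [REGION]
#   PROFILE_NAME  profile passed to aws-sso-creds and used as the section name
#   REGION        value written as region= (default: ap-south-1)
#
# The section [PROFILE_NAME] is replaced as a whole; every other section of the
# credentials file is copied through unchanged. The file holds the access key,
# secret key and session token in plaintext, so it is only ever created with
# owner-only permissions.
set -euo pipefail

# Everything created below (directory, temp file, credentials file) contains
# or will contain secrets: never let the caller's umask make it group/world
# readable.
umask 077

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the value assigned to a variable in the export output.
# Arguments: $1 - variable name, $2 - full export output
# Outputs:   the text after the first "NAME=" on the first matching line
# Returns:   0 if a non-empty value was found, 1 otherwise
#######################################
extract_value() {
  local name=$1 text=$2 line value
  # Feed the text through a pipe (process substitution) rather than a
  # here-string, which bash may back with a temporary file on disk.
  while IFS= read -r line; do
    if [[ "$line" == *"${name}="* ]]; then
      # Strip through the first "NAME=" only: tokens are base64-like and may
      # themselves contain '=' characters that must be kept.
      value=${line#*"${name}="}
      if [[ -n "$value" ]]; then
        printf '%s\n' "$value"
        return 0
      fi
    fi
  done < <(printf '%s\n' "$text")
  return 1
}

#######################################
# Emit the complete INI section for the profile.
# Globals:   profile_name, aws_access_key_id, aws_secret_access_key,
#            aws_session_token, region (all read)
# Outputs:   the section on stdout
#######################################
write_section() {
  # printf '%s' keeps backslashes in the values literal (echo -e would not).
  printf '[%s]\n' "$profile_name"
  printf 'aws_access_key_id=%s\n' "$aws_access_key_id"
  printf 'aws_secret_access_key=%s\n' "$aws_secret_access_key"
  printf 'aws_session_token=%s\n' "$aws_session_token"
  printf 'region=%s\n' "$region"
}

profile_name=${1:-}
region=${2:-ap-south-1}

# The profile name is written into the file as a section header, so refuse
# anything that could break out of the "[name]" line.
case "$profile_name" in
  '')
    die "Usage: ${0##*/} PROFILE_NAME [REGION]"
    ;;
  *'['* | *']'* | *$'\n'* | *$'\r'*)
    die "Invalid profile name: must not contain '[', ']' or line breaks"
    ;;
esac

# Run the command to export SSO credentials.
sso_export=$(aws-sso-creds export --profile "$profile_name") \
  || die "aws-sso-creds export failed for profile '$profile_name'"

# Extract the three values and stop before touching the credentials file if
# any of them is missing, instead of writing an empty credential.
# NOTE(review): values are taken verbatim; if the tool quotes them, the quotes
# are kept -- confirm against the tool's output format.
aws_access_key_id=$(extract_value AWS_ACCESS_KEY_ID "$sso_export") \
  || die "AWS_ACCESS_KEY_ID not found in aws-sso-creds output"
aws_secret_access_key=$(extract_value AWS_SECRET_ACCESS_KEY "$sso_export") \
  || die "AWS_SECRET_ACCESS_KEY not found in aws-sso-creds output"
aws_session_token=$(extract_value AWS_SESSION_TOKEN "$sso_export") \
  || die "AWS_SESSION_TOKEN not found in aws-sso-creds output"

creds_dir="${HOME}/.aws"
creds_file="${creds_dir}/credentials"
mkdir -p -- "$creds_dir"

# Build the new file next to the real one: the final mv is then a rename on
# the same filesystem, and the secrets never pass through a shared /tmp.
tmp_file=''
cleanup() {
  if [[ -n "$tmp_file" ]]; then
    rm -f -- "$tmp_file"
  fi
}
trap cleanup EXIT
tmp_file=$(mktemp "${creds_dir}/credentials.XXXXXX") || die "mktemp failed"

profile_exists=false
if [[ -f "$creds_file" ]]; then
  in_target=false
  # "|| [[ -n $line ]]" keeps a final line that has no trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    # Compare on a whitespace-trimmed copy; pass-through lines are written
    # exactly as read.
    trimmed=${line#"${line%%[![:space:]]*}"}
    trimmed=${trimmed%"${trimmed##*[![:space:]]}"}

    if [[ "$trimmed" == '['*']' ]]; then
      if [[ "$trimmed" == "[${profile_name}]" ]]; then
        # Literal comparison: the profile name is never used as a regex.
        # A repeated header for the same profile is dropped.
        if [[ "$profile_exists" == false ]]; then
          write_section
          profile_exists=true
        fi
        in_target=true
        continue
      fi
      # The old section ends at the next header, not at the next blank line,
      # so a following section is kept even when no blank line separates them.
      if [[ "$in_target" == true ]]; then
        printf '\n'
      fi
      in_target=false
    fi

    # Old keys of the target section are dropped; everything else is copied.
    if [[ "$in_target" == false ]]; then
      printf '%s\n' "$line"
    fi
  done <"$creds_file" >"$tmp_file"
fi

# If the profile does not exist yet (or there was no file), append it.
if [[ "$profile_exists" == false ]]; then
  if [[ -s "$tmp_file" ]]; then
    printf '\n' >>"$tmp_file"
  fi
  write_section >>"$tmp_file"
fi

# Replace the original credentials file with the updated file.
mv -- "$tmp_file" "$creds_file"

echo "AWS credentials file updated with credentials for profile '$profile_name'"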