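# Fetch one Let's Encrypt certificate from the node that generated it.
#
# The webserver publishes the certificate files over HTTPS once its
# `certbot_available_certs` fact lists the domain. This define polls PuppetDB
# for that fact and, only when it is present, downloads the files into
# $destination and builds the combined fullchain+privkey file that some
# services expect. While the fact is absent it only emits a notify.
#
# Security note: privkey.pem and fullchain_combined.pem contain the private
# key. They are created with $key_group/$key_mode (root-only by default)
# rather than the world-readable 0644 used for the public certificate files.
# A service that reads the key as an unprivileged user needs e.g.
# `key_group => 'haproxy', key_mode => '0640'`.
#
# @param domain         the domain whose certificate is fetched
# @param webserver      the certbot node that generated and serves the files
# @param destination    local directory that receives the certificate files
# @param notify_service name of a Service resource to refresh after the
#                       combined file has been (re)written; undef for none
# @param key_group      group owning privkey.pem and fullchain_combined.pem
# @param key_mode       mode of privkey.pem and fullchain_combined.pem
define certbot::client::cert (
  Stdlib::Fqdn         $domain,
  Stdlib::Fqdn         $webserver,
  Stdlib::Absolutepath $destination    = "/etc/pki/tls/letsencrypt/${domain}",
  Optional[String]     $notify_service = undef,
  String               $key_group      = 'root',
  Stdlib::Filemode     $key_mode       = '0600',
) {
  file { $destination:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  # NOTE(review): `~` is a regex match, so the dots in $domain are wildcards
  # and the match is unanchored: a fact value that merely contains the domain
  # (e.g. "www.example.com" for "example.com") also satisfies it. Tighten the
  # pattern if the fact's format (list separator) is known. Stdlib::Fqdn keeps
  # the interpolated value free of quotes, so PQL injection is not a concern.
  $cert_ready_nodes = puppetdb_query(" facts { name = 'certbot_available_certs' and value ~ '${domain}' and certname = '${webserver}' }" )

  # Files published by the webserver; only privkey.pem is secret.
  $cert_files = ['cert.pem', 'chain.pem', 'fullchain.pem', 'privkey.pem']

  if !empty($cert_ready_nodes) {
    $cert_files.each |String $file| {
      $is_private = $file == 'privkey.pem'

      # NOTE(review): the https source is fetched by the agent; it must trust
      # the certificate presented by $webserver -- confirm which trust store
      # Puppet uses for http(s) file sources in the deployed agent version.
      file { "${destination}/${file}":
        ensure => 'file',
        source => "https://${webserver}/${domain}/${file}",
        owner  => 'root',
        group  => $is_private ? { true => $key_group, default => 'root' },
        mode   => $is_private ? { true => $key_mode,  default => '0644' },
        notify => Exec["concat_${domain}_certs"],
      }
    }

    # Service to refresh once the combined file changes (undef => no-op).
    $service = $notify_service ? {
      undef   => undef,
      default => Service[$notify_service],
    }

    exec { "concat_${domain}_certs":
      command     => "cat ${destination}/fullchain.pem ${destination}/privkey.pem > ${destination}/fullchain_combined.pem",
      path        => ['/bin', '/usr/bin'],
      # The redirect creates a file holding the private key; do not inherit the
      # agent's umask (typically 022, giving a world-readable key).
      umask       => '077',
      refreshonly => true,
      require     => [
        File["${destination}/fullchain.pem"],
        File["${destination}/privkey.pem"],
      ],
      notify      => $service,
    }

    # Enforce ownership/mode on the combined file on every run so that a copy
    # left behind by an earlier, world-readable build is corrected too. It is
    # ordered before the service so the key is readable when the service
    # (re)starts.
    file { "${destination}/fullchain_combined.pem":
      ensure  => 'file',
      owner   => 'root',
      group   => $key_group,
      mode    => $key_mode,
      require => Exec["concat_${domain}_certs"],
      before  => $service,
    }
  } else {
    # The title carries the domain so that several instances of this define
    # can report "not ready" on one node without a duplicate declaration.
    notify { "certbot::client::cert[${domain}]: certificates are not yet ready on ${webserver}.": }
  }
}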