# Place the cloud's CA certificate in a file readable by the openstackclients snap
_snap_user_dir=~/snap/openstackclients/common
if [ ! -d $_snap_user_dir ]; then
    mkdir -p $_snap_user_dir
fi
_root_ca=$_snap_user_dir/root-ca.crt
juju run -u vault/leader -- 'leader-get root-ca' | tee $_root_ca >/dev/null 2>&1

# Find an IP address for Keystone
_keystone_vip=$(juju config keystone vip)
if [ -n "$_keystone_vip" ]; then
    _keystone_ip=$(echo $_keystone_vip | awk '{print $1}')
else
    _keystone_ip=$(juju run -u keystone/leader -- 'network-get --bind-address public')
fi

# Query for the Keystone admin password
_password=$(juju run -u keystone/leader -- 'leader-get admin_passwd')

# Set the OpenStack environment variables
export OS_AUTH_PROTOCOL=https
export OS_CACERT=${_root_ca}
export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://${_keystone_ip}:5000/v3
export OS_USERNAME=admin
export OS_PASSWORD=${_password}
export OS_USER_DOMAIN_NAME=admin_domain
export OS_PROJECT_DOMAIN_NAME=admin_domain
export OS_PROJECT_NAME=admin
export OS_REGION_NAME=RegionOne
export OS_IDENTITY_API_VERSION=3
# Swift needs this
export OS_AUTH_VERSION=3
# Gnocchi needs this
export OS_AUTH_TYPE=password

echo "To print the values to screen (including the admin password):"
echo
echo "   env | grep OS_"