#!/bin/bash
# vault-check-health.sh — Verifies cluster health over the network (no token required).
# Returns 0 (success) if all 3 nodes are initialized and unsealed.

VAULT_NODES=("vault-1.iklim.co" "vault-2.iklim.co" "vault-3.iklim.co")
HEALTHY_COUNT=0

echo "  --> Starting cluster health check (network-based)..."

for node in "${VAULT_NODES[@]}"; do
    # Check the /v1/sys/health endpoint for each node.
    # 200: Initialized, unsealed, active
    # 429: Initialized, unsealed, standby
    # 501: Not initialized
    # 503: Sealed
    
    status_code=$(docker run --rm --network iklimco-net alpine/curl -s -o /dev/null -w "%{http_code}" \
        --max-time 3 -k "https://${node}:8200/v1/sys/health" || echo "000")

    if [ "$status_code" = "200" ] || [ "$status_code" = "429" ]; then
        echo "      [✓] $node: Healthy (Status: $status_code)"
        HEALTHY_COUNT=$((HEALTHY_COUNT + 1))
    else
        echo "      [!] $node: Problematic or Not Responding (Status: $status_code)"
    fi
done

if [ "$HEALTHY_COUNT" -eq 3 ]; then
    echo "  --> Result: All nodes (3/3) are healthy."
    exit 0
else
    echo "  --> Result: Cluster is not fully healthy ($HEALTHY_COUNT/3)."
    exit 1
fi