# Natera-sensitive configuration (do not commit the real file)
# Copy this file to zshrc-natera.private and fill in the placeholders.
# zshrc-natera.private is gitignored.

# AWS profile (contains account ID)
export AWS_PROFILE="YOUR_AWS_PROFILE_NAME"

# OpenTelemetry endpoint (internal)
export OTEL_EXPORTER_OTLP_ENDPOINT="http://YOUR_OTEL_ENDPOINT:4318"

# Netskope TLS cert bundle path (Natera corp)
export AWS_CA_BUNDLE=~/.aws/nskp_config/netskope-cert-bundle.pem
export REQUESTS_CA_BUNDLE=~/.aws/nskp_config/netskope-cert-bundle.pem
export SSL_CERT_FILE=~/.aws/nskp_config/netskope-cert-bundle.pem
export NODE_EXTRA_CA_CERTS=~/.aws/nskp_config/netskope-cert-bundle.pem

# Refresh: close tunnel if open, then SSO login + jumpbox + boring open (replace placeholders)
refresh() {
  boring close YOUR_BORING_TARGET 2>/dev/null
  aws sso login && ssh -i ~/work/pems/YOUR_JUMPBOX_PEM ec2-user@JUMPBOX_IP exit && boring open YOUR_BORING_TARGET
}

# Database password retrieval function (replace ARNs and profile names with your actual values)
function dbpass {
  local env="${1:-dev}"
  local secret_id profile

  case "$env" in
    dev)
      secret_id='arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:YOUR_DEV_SECRET_ARN'
      profile='YOUR_DEV_AWS_PROFILE'
      ;;
    uat)
      secret_id='arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:YOUR_UAT_SECRET_ARN'
      profile='YOUR_UAT_AWS_PROFILE'
      ;;
    *)
      echo "Usage: dbpass [dev|uat]"
      return 1
      ;;
  esac

  aws secretsmanager get-secret-value \
    --secret-id "$secret_id" \
    --region us-west-2 \
    --profile "$profile" \
    --query 'SecretString' \
    --output text \
  | jq -r '.password' \
  | pbcopy
}