#!/bin/bash

set -e

if [ "$#" -lt 3 ]; then
  echo "Usage: $0 USER_POOL_ID USERNAME PASSWORD [--admin]"
  exit 1
fi

USER_POOL_ID=$1
USERNAME=$2
PASSWORD=$3
ADMIN_FLAG=${4:-""}

# Create user with temporary password
CREATE_CMD="aws cognito-idp admin-create-user --no-cli-pager \
  --user-pool-id \"$USER_POOL_ID\" \
  --username \"$USERNAME\" \
  --temporary-password \"TempPass123!\" \
  --output json > /dev/null 2>&1"

if [ "$ADMIN_FLAG" == "--admin" ]; then
  CREATE_CMD+=" --user-attributes Name=zoneinfo,Value=admin"
fi

eval "$CREATE_CMD"

# Set permanent password
aws cognito-idp admin-set-user-password --no-cli-pager \
  --user-pool-id "$USER_POOL_ID" \
  --username "$USERNAME" \
  --password "$PASSWORD" \
  --permanent \
  --output json > /dev/null 2>&1

echo "User $USERNAME created successfully"