#!/usr/bin/python
# Copyright (c) 2017-present Alibaba Group Holding Limited. <xiaozhu36>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import (absolute_import, division, print_function)

__metaclass__ = type

ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ['preview'],
                    'supported_by': 'community'}

DOCUMENTATION = """
---
module: ali_ram_login_profile
short_description: Create, Delete, Update Ram login profile in Alibaba Cloud.
description:
    - Create, Delete, Update Ram login profile in Alibaba Cloud.
options:
  state:
    description:
      - If I(state=present), ram login profile will be created.
      - If I(state=present) and login profile exists, it will be updated.
      - If I(state=absent), ram login profile will be removed.
    default: 'present'
    choices: ['present', 'absent']
    type: str
  user_name:
    description:
      - The username.
    aliases: ['name']
    required: True
    type: str
  password:
    description:
      - The password.
    type: str 
  new_password:
    description:
      - The new password. Required when update password.
    type: str
  password_reset_required:
    description:
      - Specifies whether you need to change your password upon logon.
    default: False
    type: bool
  mfa_bind_required:
    description:
      - Specifies whether you need to attach an MFA device upon the next logon.
    default: False
    type: bool
requirements:
    - "python >= 3.6"
    - "footmark >= 1.17.0"
extends_documentation_fragment:
    - alibaba.alicloud.alicloud
author:
  - "He Guimin (@xiaozhu36)"
"""

EXAMPLES = """
# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details.
- name: Changed. Create login profile
  alibaba.alicloud.ali_ram_login_profile:
    user_name: ansible
    password: YourPassword
    password_reset_required: True

- name: Changed. update login profile
  alibaba.alicloud.ali_ram_login_profile:
    user_name: ansible
    password: YourNewPassword

- name: Changed. Delete login profile
  alibaba.alicloud.ali_ram_login_profile:
    state: absent
    user_name: ansible
"""

RETURN = '''
user:
    description: Returns an array of complex objects as described below.
    returned: always
    type: complex
    contains:
        create_date:
            description: The creation time.
            returned: always
            type: str
            sample: '2015-01-23T12:33:18Z'
        mfabind_required:
            description: Indicates that you must attach an MFA device.
            returned: always
            type: bool
            sample: False
        password_reset_required:
            description: Indicates that you must change your password upon next logon.
            returned: always
            type: bool
            sample: False
        user_name:
            description: The username.
            returned: always
            type: str
            sample: Alice
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.alibaba.alicloud.plugins.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect

HAS_FOOTMARK = False

try:
    from footmark.exception import RAMResponseError
    HAS_FOOTMARK = True
except ImportError:
    HAS_FOOTMARK = False


def profile_exists(module, ram_conn, user_name):
    try:
        return ram_conn.get_login_profile(user_name=user_name)
    except Exception as e:
        module.fail_json(msg="Failed to get profile: {0}".format(e))


def main():
    argument_spec = ecs_argument_spec()
    argument_spec.update(dict(
        state=dict(default='present', choices=['present', 'absent']),
        user_name=dict(type='str', required=True, aliases=['name']),
        password=dict(type='str'),
        new_password=dict(type='str'),
        password_reset_required=dict(type='bool', default=False),
        mfa_bind_required=dict(type='bool', default=False)
    ))

    module = AnsibleModule(argument_spec=argument_spec)

    if HAS_FOOTMARK is False:
        module.fail_json(msg='footmark required for this module.')

    ram_conn = ram_connect(module)

    # Get values of variable
    state = module.params['state']
    user_name = module.params['user_name']
    changed = False

    # Check if profile exists
    profile = profile_exists(module, ram_conn, user_name)
    # module.exit_json(changed=True, profile=profile.read())

    if state == 'absent':
        if not profile:
            module.exit_json(changed=changed, profile={})
        try:
            changed = ram_conn.delete_login_profile(**module.params)
            module.exit_json(changed=changed, profile={})
        except RAMResponseError as ex:
            module.fail_json(msg='Unable to delete profile error: {}'.format(ex))

    if not profile:
        try:
            profile = ram_conn.create_login_profile(**module.params)
            module.exit_json(changed=True, profile=profile.read())
        except RAMResponseError as e:
            module.fail_json(msg='Unable to create profile, error: {0}'.format(e))

    try:
        changed = profile.update(**module.params)
        module.exit_json(changed=changed, profile=profile.read())
    except Exception as e:
        module.fail_json(msg='Unable to update profile, error: {0}'.format(e))


if __name__ == '__main__':
    main()