#!/usr/bin/env python
# -*- encoding: utf-8 -*-
import json
import logging

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
from aliyunsdkcore.http import protocol_type

"""
该函数周期触发方式为周期执行。
收到周期性触发事件后，查询需要评估的ACK集群列表，遍历集群信息获取集群的节点列表，再遍历节点列表逐个判断是否安装云监控插件，如果节点都已安装云监控插件则视该集群为合规，否则视为不合规。
周期性评估回写评估结果时开启删除无效评估模式，config会自动将本周期产生的评估之外的评估结果进行删除
"""
logger = logging.getLogger()
# 合规类型
COMPLIANCE_TYPE_COMPLIANT = 'COMPLIANT'
COMPLIANCE_TYPE_NON_COMPLIANT = 'NON_COMPLIANT'
COMPLIANCE_TYPE_NOT_APPLICABLE = 'NOT_APPLICABLE'

# Config api endpoint, International sites use ap-southeast-1 and config.ap-southeast-1.aliyuncs.com
CONFIG_SERVICE_REGION = 'cn-shanghai'
CONFIG_SERVICE_ENDPOINT = 'config.cn-shanghai.aliyuncs.com'
AK = '******'
SK = '******'


# 入口方法
def handler(event, context):
    evt = validate_event(event)
    if not evt:
        return None

    result_token = evt.get('resultToken')
    ordering_timestamp = evt.get('orderingTimestamp')
    invoking_event = evt.get('invokingEvent')
    account_id = invoking_event.get('accountId')
    # regionId = invoking_event.get('configurationItem')['regionId']
    client = AcsClient(AK, SK, CONFIG_SERVICE_REGION)
    evaluations = []
    # ResourceType supported by the config
    resource_type = "ACS::ACK::Cluster"
    # 查询集群列表并逐个校验集群检查情况
    page_number = 1
    page_size = 50
    cluster_total = 0
    while page_number == 1 or (cluster_total > page_size * page_number):
        cluster_page_json = query_cluster_page(client, page_size, page_number)
        if "clusters" in cluster_page_json and cluster_page_json["clusters"]:
            for cluster in cluster_page_json["clusters"]:
                logger.info(cluster["cluster_id"])
                compliant_result = query_nodes_evaluation(client, cluster["cluster_id"])
                if compliant_result:
                    evaluation = {
                        'accountId': account_id,
                        'complianceResourceId': cluster["cluster_id"],
                        'complianceResourceType': resource_type,
                        'orderingTimestamp': ordering_timestamp,
                        'complianceType': COMPLIANCE_TYPE_COMPLIANT,
                        'annotation': json.dumps({}),
                        'complianceRegionId': cluster["region_id"]
                    }
                    evaluations.append(evaluation)
                else:
                    evaluation = {
                        'accountId': account_id,
                        'complianceResourceId': cluster["cluster_id"],
                        'complianceResourceType': resource_type,
                        'orderingTimestamp': ordering_timestamp,
                        'complianceType': COMPLIANCE_TYPE_NON_COMPLIANT,
                        'annotation': json.dumps(
                            {'configuration': 'Not all nodes installed monitor agent.',
                             'desiredValue': 'All nodes installed monitor agent.'}),
                        'complianceRegionId': cluster["region_id"]
                    }
                    evaluations.append(evaluation)
        else:
            break

        page_number = page_number + 1
        if "page_info" in cluster_page_json and cluster_page_json["page_info"] and "total_count" \
                in cluster_page_json["page_info"] and cluster_page_json["page_info"]["total_count"]:
            cluster_total = cluster_page_json["page_info"]["total_count"]

    put_evaluations(context, result_token, evaluations)
    return evaluations


def query_cluster_page(clt, page_size, page_number):
    request = CommonRequest(
        'cs.aliyuncs.com',
        '2015-12-15',
        uri_pattern='/api/v1/clusters'
    )
    request.add_query_param('page_size', page_size)
    request.add_query_param('page_number', page_number)
    response = clt.do_action_with_exception(request)
    res = str(response, encoding='utf-8')
    json_res = json.loads(res)
    return json_res


# 查询集群节点列表，并校验是否全部安装云监控插件且状态为运行中
def query_nodes_evaluation(clt, cluster_id):
    compliance_result = True
    page_number = 1
    page_size = 50
    cluster_total = 0
    while page_number == 1 or (cluster_total > page_size * page_number):
        request = CommonRequest(
            'cs.aliyuncs.com',
            '2015-12-15',
            uri_pattern='/clusters/' + cluster_id + '/nodes'
        )
        request.set_protocol_type(protocol_type.HTTPS)
        request.add_query_param('pageSize', page_size)
        request.add_query_param('pageNumber', page_number)
        response = clt.do_action_with_exception(request)
        res = str(response, encoding='utf-8')
        json_res = json.loads(res)

        instance_id_set = set()
        if "nodes" in json_res and json_res["nodes"]:
            for node in json_res["nodes"]:
                instance_id_set.add(node["instance_id"])
            compliance_result = query_instances_monitor_status(clt, instance_id_set)
            if not compliance_result:
                return compliance_result
        else:
            break

        page_number = page_number + 1
        if "page" in json_res and json_res["page"] and "total_count" in json_res["page"] and \
                json_res["page"]["total_count"]:
            cluster_total = json_res["page"]["total_count"]
    return compliance_result


# 批量查询实例列表云监控插件状态是否全为运行中
def query_instances_monitor_status(clt, instance_id_set):
    compliance_result = True
    instance_id_str = ",".join(instance_id_set)
    request = CommonRequest()
    request.set_protocol_type(protocol_type.HTTPS)
    request.set_domain('metrics.aliyuncs.com')
    request.set_version('2019-01-01')
    request.set_action_name('DescribeMonitoringAgentStatuses')
    request.set_method('GET')
    request.add_query_param('InstanceIds', instance_id_str)
    response = clt.do_action_with_exception(request)
    res = str(response, encoding='utf-8')
    json_res = json.loads(res)
    if "NodeStatusList" in json_res and json_res["NodeStatusList"] and "NodeStatus" in json_res["NodeStatusList"] and \
            json_res["NodeStatusList"]["NodeStatus"]:
        if len(json_res["NodeStatusList"]["NodeStatus"]) != len(instance_id_set):
            logger.warn('Query monitor list len not equal input: {}'.format(instance_id_str))
            compliance_result = False
        else:
            for status in json_res["NodeStatusList"]["NodeStatus"]:
                if status["Status"] != "running":
                    compliance_result = False
                    break
    else:
        compliance_result = False
    return compliance_result


def validate_event(event):
    if not event:
        logger.error('Event is empty.')
    evt = parse_json(event)
    logger.info('Loading event: %s .' % evt)

    if 'resultToken' not in evt:
        logger.error('ResultToken is empty.')
        return None
    if 'ruleParameters' not in evt:
        logger.error('RuleParameters is empty.')
        return None
    if 'invokingEvent' not in evt:
        logger.error('InvokingEvent is empty.')
        return None
    return evt


def parse_json(content):
    try:
        return json.loads(content)
    except Exception as e:
        logger.error('Parse content:{} to json error:{}.'.format(content, e))
        return None


def put_evaluations(context, result_token, evaluations):
    client = AcsClient(AK, SK, CONFIG_SERVICE_REGION)

    request = CommonRequest()
    request.set_domain(CONFIG_SERVICE_ENDPOINT)
    request.set_version('2019-01-08')
    request.set_action_name('PutEvaluations')
    request.add_body_params('ResultToken', result_token)
    request.add_body_params('Evaluations', evaluations)
    # 开启删除模式，config会自动删除非本周期内评估的记录
    request.add_body_params('DeleteMode', True)
    request.set_method('POST')

    try:
        response = client.do_action_with_exception(request)
        logger.info('PutEvaluations with request: {}, response: {}.'.format(request, response))
    except Exception as e:
        logger.error('PutEvaluations error: %s' % e)