"""This is the ASF LDAP plugin for Boxer. It establishes an LDAP connection and reads project memberships.
   If a projects.yaml (or other override file specified) exists, it can read LDAP overrides from it for specific groups.

   A typical override setting would involve either an alternate LDAP base or a hardcoded list of members/owners,
   for instance:

   infrastructure:
     ldap: cn=infrastructure,ou=groups,ou=services,dc=apache,dc=org

   foundation:
     members: kp sk humbedooh
     owners: sk
"""
import bonsai
import typing
import re
import yaml
import os

UID_RE = re.compile(r"^(?:uid=)?([^,]+)")
PROJECTS_OVERRIDE = "projects.yaml"


class LDAPConfig:
    uri: str
    binddn: str
    bindpw: str
    userbase: str
    ldapbase: str
    groupbase: str

    def __init__(self, subyaml: dict = {}):
        self.uri = str(subyaml.get("uri", ""))
        self.binddn = str(subyaml.get("binddn", ""))
        self.bindpw = str(subyaml.get("bindpw", ""))
        self.userbase = str(subyaml.get("userbase", ""))
        self.ldapbase = str(subyaml.get("ldapbase", ""))
        self.groupbase = str(subyaml.get("groupbase", ""))


class LDAPClient:
    config: LDAPConfig
    client: typing.Optional[bonsai.LDAPClient]
    connection: typing.Optional[bonsai.LDAPConnection]
    ldap_override: dict

    def __init__(self, config: LDAPConfig, ldap_override_yaml=PROJECTS_OVERRIDE):
        self.config = config
        self.client = None
        self.connection = None
        self.ldap_override = {}
        if ldap_override_yaml and os.path.exists(ldap_override_yaml):
            try:
                self.ldap_override = yaml.safe_load(open(ldap_override_yaml))
            except yaml.YAMLError as err:
                print(f"Could not load ldap override yaml, {ldap_override_yaml}: {err}")

    async def __aenter__(self):
        """Initializes an LDAP connection and returns the connection is success, None otherwise"""
        self.client = bonsai.LDAPClient(self.config.uri)
        self.client.set_credentials("SIMPLE", self.config.binddn, self.config.bindpw)
        self.client.set_cert_policy("allow")  # TODO: Load our cert(?)
        # Hack around GnuTLS bug with async... - https://github.com/noirello/bonsai/issues/25
        bonsai.set_connect_async(False)
        self.connection = await self.client.connect(is_async=True)
        bonsai.set_connect_async(True)
        return self

    async def get_members(self, group: str):
        """Async fetching of members/owners of a standard project group."""
        ldap_base = self.config.groupbase % group
        ldap_owner_base = None
        members = []
        owners = []

        member_attr = "member"
        owner_attr = "owner"

        if self.ldap_override and group in self.ldap_override:
            if "ldap" in self.ldap_override[group]:
                ldap_base = self.ldap_override[group]["ldap"]
                print("Using LDAP override for group %s: %s" % (group, ldap_base))
            if "ldap_owner" in self.ldap_override[group]:
                ldap_owner_base = self.ldap_override[group]["ldap_owner"]
                print("Using LDAP override for PMC group %s: %s" % (group, ldap_owner_base))
            if "member_attr" in self.ldap_override[group]:
                member_attr = self.ldap_override[group]["member_attr"]
                print("Using LDAP member attribute override for group %s: %s" % (group, member_attr))
            if "owner_attr" in self.ldap_override[group]:
                owner_attr = self.ldap_override[group]["owner_attr"]
                print("Using LDAP owner attribute override for group %s: %s" % (group, owner_attr))
            if "members" in self.ldap_override[group]:
                members = self.ldap_override[group]["members"]
                print(f"Using membership override for group {group}: {members}")
            if "owners" in self.ldap_override[group]:
                owners = self.ldap_override[group]["owners"]
                print(f"Using ownership override for group {group}: {owners}")
        if owners and members:
            return owners, members
        try:
            attrs = set([member_attr, owner_attr])
            assert self.connection, "LDAP Not connected"
            rv = await self.connection.search(
                ldap_base, bonsai.LDAPSearchScope.SUBTREE, None, list(attrs)
            )
            if rv:
                if not members and member_attr in rv[0]:
                    for member in rv[0][member_attr]:
                        m = UID_RE.match(member)
                        if m:
                            members.append(m.group(1))
                if (not ldap_owner_base) and not owners and owner_attr in rv[0]:
                    for owner in rv[0][owner_attr]:
                        m = UID_RE.match(owner)
                        if m:
                            owners.append(m.group(1))
            if ldap_owner_base:
                rv = await self.connection.search(
                    ldap_owner_base, bonsai.LDAPSearchScope.SUBTREE, None, [owner_attr]
                )
                if rv:
                    if not owners and owner_attr in rv[0]:
                        for owner in rv[0][owner_attr]:
                            m = UID_RE.match(owner)
                            if m:
                                owners.append(m.group(1))
            return list(sorted(members)), list(sorted(owners))

        except Exception as e:
            print(f"LDAP Exception for group {group}: {e}")
            return [], []

    async def __aexit__(self, exc_type, exc_val, exc_tb):
        if self.connection:
            self.connection.close()