# frozen_string_literal: true

#
# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "LICENSE.txt" file accompanying this file.
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
# See the License for the specific language governing permissions and limitations under the License.

# This is the local system directory at which we want to mount the EFS mount point
property :shared_dir_array, Array, required: %i(mount unmount)
property :efs_fs_id_array, Array, required: %i(mount unmount)
property :efs_encryption_in_transit_array, Array, required: false
property :efs_iam_authorization_array, Array, required: false
property :efs_access_point_id_array, Array, required: false
# This is the mount point on the EFS itself, as opposed to the local system directory, defaults to "/"
property :efs_mount_point_array, Array, required: false
property :efs_unmount_forced_array, Array, required: false
property :mode, String, default: "1777"

action :mount do
  return if on_docker?
  efs_shared_dir_array = new_resource.shared_dir_array.dup
  efs_fs_id_array = new_resource.efs_fs_id_array.dup
  efs_encryption_in_transit_array = new_resource.efs_encryption_in_transit_array.dup
  efs_iam_authorization_array = new_resource.efs_iam_authorization_array.dup
  efs_access_point_id_array = new_resource.efs_access_point_id_array.dup
  efs_mount_point_array = new_resource.efs_mount_point_array.dup

  efs_fs_id_array.each_with_index do |efs_fs_id, index|
    efs_shared_dir = efs_shared_dir_array[index]
    efs_encryption_in_transit = efs_encryption_in_transit_array[index] unless efs_encryption_in_transit_array.nil?
    efs_iam_authorization = efs_iam_authorization_array[index] unless efs_iam_authorization_array.nil?
    efs_access_point_id = efs_access_point_id_array[index] unless efs_access_point_id_array.nil?

    # Path needs to be fully qualified, for example "shared/temp" becomes "/shared/temp"
    efs_shared_dir = "/#{efs_shared_dir}" unless efs_shared_dir.start_with?('/')

    # See reference of mount options: https://docs.aws.amazon.com/efs/latest/ug/automount-with-efs-mount-helper.html
    mount_options = "_netdev,noresvport"
    if efs_encryption_in_transit == "true"
      mount_options += ",tls"
      # iam authorization requires tls
      if efs_iam_authorization == "true"
        mount_options += ",iam"
      end
      # accesspoint requires tls
      if efs_access_point_id != 'none'
        mount_options += ",accesspoint=#{efs_access_point_id}"
      end
    end

    mount_point = efs_mount_point_array.nil? ? "/" : efs_mount_point_array[index]

    # Create the EFS shared directory
    directory efs_shared_dir do
      owner 'root'
      group 'root'
      mode new_resource.mode
      recursive true
      action :create
    end unless ::File.directory?(efs_shared_dir)

    # Mount EFS over NFS
    mount efs_shared_dir do
      device "#{efs_fs_id}:#{mount_point}"
      fstype 'efs'
      options mount_options
      dump 0
      pass 0
      action :mount
      retries 10
      retry_delay 60 # increase to 60s because it takes about 5 minutes for a  managed EFS to be ready to mount after creation complete
      not_if "mount | grep ' #{efs_shared_dir} '"
    end

    # Enable the mount dir
    mount efs_shared_dir do
      device "#{efs_fs_id}:#{mount_point}"
      fstype 'efs'
      options mount_options
      dump 0
      pass 0
      action :enable
      retries 10
      retry_delay 6
      only_if "mount | grep ' #{efs_shared_dir} '"
    end

    # Make sure EFS shared directory permissions are correct
    directory "change permissions for #{efs_shared_dir}" do
      path efs_shared_dir
      owner 'root'
      group 'root'
      mode new_resource.mode
      only_if { node['cluster']['node_type'] == "HeadNode" }
    end
  end
end

action :unmount do
  return if on_docker?
  efs_shared_dir_array = new_resource.shared_dir_array.dup
  efs_shared_dir_array.each do |efs_shared_dir|
    # Path needs to be fully qualified, for example "shared/temp" becomes "/shared/temp"
    efs_shared_dir = "/#{efs_shared_dir}" unless efs_shared_dir.start_with?('/')
    # Unmount EFS
    file_utils "check active processes on #{efs_shared_dir}" do
      file efs_shared_dir
      action :check_active_processes
    end
    execute 'unmount efs' do
      command "umount -fl #{efs_shared_dir}"
      retries 10
      retry_delay 6
      timeout 60
      only_if "mount | grep ' #{efs_shared_dir} '"
    end
    # remove volume from fstab
    delete_lines "remove volume #{efs_shared_dir} from /etc/fstab" do
      path "/etc/fstab"
      pattern " #{efs_shared_dir} "
    end
    # Delete the EFS shared directory
    directory efs_shared_dir do
      owner 'root'
      group 'root'
      mode new_resource.mode
      recursive false
      action :delete
      only_if { Dir.exist?(efs_shared_dir.to_s) && Dir.empty?(efs_shared_dir.to_s) }
    end
  end
end