# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#	http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

import logging
import os
import tempfile

from esrally.utils import process, io
from esrally import exceptions

LOGGER_NAME="rally.provisioner.security"

# Used for automatically create a certificate for the current Rally node.
instances_yml_template = """
instances:
  - name: "{node_name}"
    ip: 
      - "{node_ip}"  
"""


def resolve_binary(install_root, binary_name):
    return os.path.join(install_root, "bin", binary_name)


def install_certificates(config_names, variables, **kwargs):
    if "x-pack-security" not in config_names:
        return False
    logger = logging.getLogger(LOGGER_NAME)
    cert_binary = "elasticsearch-certutil"
    node_name = variables["node_name"]
    node_ip = variables["node_ip"]
    install_root = variables["install_root_path"]
    bundled_ca_path = os.path.join(os.path.dirname(__file__), "ca")
    x_pack_config_path = os.path.join(install_root, "config", "x-pack")

    logger.info("Installing certificates for node [%s].", node_name)
    instances_yml = os.path.join(tempfile.mkdtemp(), "instances.yml")
    with open(instances_yml, "w") as f:
        f.write(instances_yml_template.format(node_name=node_name, node_ip=node_ip))

    # Generate instance certificates based on a CA that is pre-bundled with Rally
    certutil = resolve_binary(install_root, cert_binary)
    cert_bundle = os.path.join(install_root, "node-cert.zip")

    return_code = process.run_subprocess_with_logging(
        '{certutil} cert --silent --in "{instances_yml}" --out="{cert_bundle}" --ca-cert="{ca_path}/ca.crt" '
        '--ca-key="{ca_path}/ca.key" --pass ""'.format(
            certutil=certutil,
            ca_path=bundled_ca_path,
            instances_yml=instances_yml,
            cert_bundle=cert_bundle), env=kwargs.get("env"))

    if return_code != 0:
        logger.error("%s has exited with code [%d]", cert_binary, return_code)
        raise exceptions.SystemSetupError(
            "Could not create certificate bundle for node [{}]. Please see the log for details.".format(node_name))

    io.decompress(cert_bundle, x_pack_config_path)

    # Success
    return True


def add_rally_user(config_names, variables, **kwargs):
    if "x-pack-security" not in config_names:
        return False
    logger = logging.getLogger(LOGGER_NAME)
    users_binary = "elasticsearch-users"
    user_name = variables.get("xpack_security_user_name", "rally")
    user_password = variables.get("xpack_security_user_password", "rally-password")
    user_role = variables.get("xpack_security_user_role", "superuser")
    install_root = variables["install_root_path"]
    logger.info("Adding user '%s'.",user_name)
    users = resolve_binary(install_root, users_binary)

    return_code = process.run_subprocess_with_logging(
        '{users} useradd {user_name} -p "{user_password}"'.format(
            users=users,
            user_name=user_name,
            user_password=user_password
        ),
        env=kwargs.get("env"))
    if return_code != 0:
        logger.error("%s has exited with code [%d]", users_binary, return_code)
        raise exceptions.SystemSetupError("Could not add user '{}'. Please see the log for details.".format(user_name))

    return_code = process.run_subprocess_with_logging(
        '{users} roles {user_name} -a {user_role}'.format(
            users=users,
            user_name=user_name,
            user_role=user_role
        ),
        env=kwargs.get("env"))
    if return_code != 0:
        logger.error("%s has exited with code [%d]", users_binary, return_code)
        raise exceptions.SystemSetupError(
            "Could not add role '{user_role}' for user '{user_name}'. Please see the log for details.".format(
                user_role=user_role,
                user_name=user_name
            ))

    return True


def register(registry):
    registry.register("post_install", install_certificates)
    registry.register("post_install", add_rally_user)