from json import loads
from os.path import join

from bundlewrap.metadata import atomic

defaults = {
    'apt': {
        'repos': {
            'icinga2': {
                'items': {
                    'deb http://packages.icinga.com/{os} icinga-{os_release} main',
                    'deb-src http://packages.icinga.com/{os} icinga-{os_release} main',
                },
            },
        },
        'packages': {
            'icinga2': {},
            'icinga2-ido-pgsql': {},
            'icingaweb2': {},
            'icingaweb2-module-monitoring': {},

            # neeeded for statusmonitor
            'python3-flask': {},
        }
    },
    'icinga2': {
        'api_users': {
            'root': {
                'password': repo.vault.password_for(f'{node.name} icinga2 api root'),
                'permissions': {
                    '*',
                },
            },
        },
    },
    'icinga2_api': {
        'icinga2': {
            'services': {
                'SIPGATE ACCOUNT BALANCE': {
                    'check_command': 'check_sipgate_account_balance',
                    'check_interval': '30m',
                    'vars.notification.mail': True,
                },
                'ICINGA STATUSMONITOR': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit icinga_statusmonitor',
                },
                'IDO-PGSQL': {
                    'check_command': 'ido',
                    'vars.ido_type': 'IdoPgsqlConnection',
                    'vars.ido_name': 'ido-pgsql',
                    'vars.ido_pending_queries_warning': 25,
                    'vars.ido_pending_queries_critical': 50,
                },
            },
        },
    },
    'icingaweb2': {
        'setup-token': repo.vault.password_for(f'{node.name} icingaweb2 setup-token'),
    },
    'postgresql': {
        'roles': {
            'icinga2': {
                'password': repo.vault.password_for(f'{node.name} postgresql icinga2'),
            },
        },
        'databases': {
            'icingaweb2': {
                'owner': 'icinga2',
            },
            'icinga2': {
                'owner': 'icinga2',
            },
        },
    },
}

if node.has_bundle('telegraf'):
    defaults['icinga2']['api_users']['telegraf'] = {
        'password': repo.vault.password_for(f'{node.name} icinga2 api telegraf'),
        'permissions': {
            'objects/Services',
        },
    }

    defaults['telegraf'] = {
        'input_plugins': {
            'builtin': {
                'icinga2': [{
                    'server': 'https://127.0.0.1:5665',
                    'object_type': 'services',
                    'username': 'telegraf',
                    'password': repo.vault.password_for(f'{node.name} icinga2 api telegraf'),
                    'insecure_skip_verify': True,
                }],
            },
        },
    }

@metadata_reactor.provides(
    'icinga2/icinga_users',
)
def add_users_from_json(metadata):
    with open(join(repo.path, 'users.json'), 'r') as f:
        json = loads(f.read())

    users = {}
    for uname, config in json.items():
        users[uname] = {
            'email': '',
            'phone': '',
            'is_admin': config.get('is_admin', False),
        }

        if 'email' in config:
            users[uname]['email'] = repo.vault.decrypt(config['email'])
        if 'phone' in config:
            users[uname]['phone'] = repo.vault.decrypt(config['phone'])

    return {
        'icinga2': {
            'icinga_users': users,
        },
    }


@metadata_reactor.provides(
    'iptables/port_rules/5665',
)
def iptables(metadata):
    return {
        'iptables': {
            'port_rules': {
                '5665': atomic(metadata.get('icinga2/restrict-to', set())),
            },
        },
    }