from re import sub
from shlex import quote

# slapd depends on the package, its configuration file and the complete TLS
# set (certificate, intermediate chain, private key). The PEM file names are
# derived from the 'openldap/ssl' metadata value.
svc_systemd = {
    'slapd': {
        'needs': {
            'pkg_apt:slapd',
            'file:/etc/ldap/slapd.conf',
        } | {
            f'file:/etc/ldap/ssl/{node.metadata.get("openldap/ssl")}.{suffix}'
            for suffix in ('crt.pem', 'crt_intermediate.pem', 'key.pem')
        },
    },
}

# This entry asks BundleWrap to purge /etc/ldap/ssl, i.e. to remove anything
# in that directory that is not a managed item, so that old certificates or
# private keys are not left behind next to the deployed ones.
directories = {'/etc/ldap/ssl': {'purge': True}}

# Base name of the certificate set (metadata key 'openldap/ssl'). The three
# PEM files under /etc/ldap/ssl and their sources in the bundle all share it.
ssl_name = node.metadata.get('openldap/ssl')
ssl_crt = f'/etc/ldap/ssl/{ssl_name}.crt.pem'
ssl_chain = f'/etc/ldap/ssl/{ssl_name}.crt_intermediate.pem'
ssl_key = f'/etc/ldap/ssl/{ssl_name}.key.pem'

files = {
    '/etc/default/slapd': {
        'source': 'etc-default-slapd',
        'triggers': {'svc_systemd:slapd:restart'},
    },
    # Removed once the package is installed; the managed configuration is
    # slapd.conf below (presumably so slapd does not pick up slapd.d).
    '/etc/ldap/slapd.d': {
        'delete': True,
        'needs': {'pkg_apt:slapd'},
    },
    # Rendered with mako; the template receives the whole 'openldap' metadata
    # subtree as `conf`.
    # NOTE(review): no owner/mode is set here, so the item defaults apply. If
    # the template renders credentials (e.g. a rootpw line), confirm that the
    # resulting permissions are restrictive enough.
    '/etc/ldap/slapd.conf': {
        'content_type': 'mako',
        'context': {'conf': node.metadata.get('openldap')},
        'needs': {'pkg_apt:slapd'},
        'triggers': {'svc_systemd:slapd:restart'},
    },
    ssl_crt: {
        'owner': 'openldap',
        'mode': '0440',
        'source': f'ssl/{ssl_name}.crt.pem',
        # The PEM files could be written independently of each other, but
        # the private key may be a Fault, and a certificate must never land
        # on the system without its matching key. Hence the ordering.
        'needs': {ssl_chain, ssl_key},
        'triggers': {'svc_systemd:slapd:restart'},
    },
    # Private key: its content is the result of repo.vault.decrypt_file(), so
    # only the encrypted '.vault' file is kept in the repository.
    # NOTE(review): mode 0440 also grants read access to the file's group,
    # which is not set here (item default). Confirm the effective group, or
    # use 0400 if only the openldap user has to read the key.
    # NOTE(review): unlike the certificate, this item does not trigger a slapd
    # restart; a key-only change would rely on the certificate changing too.
    ssl_key: {
        'owner': 'openldap',
        'mode': '0440',
        'content': repo.vault.decrypt_file(f'ssl/{ssl_name}.key.pem.vault'),
        'needs': {'pkg_apt:slapd'},
    },
    ssl_chain: {
        'owner': 'openldap',
        'mode': '0440',
        'source': f'ssl/{ssl_name}.crt_intermediate.pem',
        # Same reasoning as for the certificate: the chain is only deployed
        # after the (possibly Fault-backed) private key is in place.
        'needs': {ssl_key},
    },
    # Dump helper; the backup pre-hooks generated in this file call it.
    '/usr/local/sbin/slapdump': {
        'mode': '0755',
    },
}

# One schema file per entry in the 'openldap/schemas' metadata. The source
# file in the bundle has the same '<name>.schema' name, and any change to it
# restarts slapd.
files.update({
    f'/etc/ldap/schema/{schema}.schema': {
        'source': f'{schema}.schema',
        'triggers': {'svc_systemd:slapd:restart'},
    }
    for schema in node.metadata.get('openldap/schemas', {})
})

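# Add the dump directory to the `directories` dict declared earlier in this
# file instead of rebinding the name. A second `directories = {...}`
# assignment replaces the whole dict, which silently drops the
# '/etc/ldap/ssl' entry and its `purge` setting, so unmanaged key and
# certificate files in that directory would never be cleaned up.
# Mode 0700 keeps the LDAP dumps readable by the directory owner only.
directories['/var/tmp/ldapdumps'] = {
    'mode': '0700',
}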

# The openldap account is managed only after the slapd package is installed
# (see 'needs'); a change to the account restarts slapd.
users = {
    'openldap': {
        'triggers': {'svc_systemd:slapd:restart'},
        'needs': {'pkg_apt:slapd'},
    },
}

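# Generate one backup pre-hook per entry in the 'openldap/backup' metadata.
# Each hook is a small /bin/sh script that calls slapdump for that database.
for database in node.metadata.get('openldap/backup', set()):
    # The file name only keeps [a-zA-Z0-9]; every other character becomes '_'.
    # NOTE(review): two database names that differ only in replaced
    # characters map to the same hook file, and the later one wins.
    cleaned = sub('[^a-zA-Z0-9]', '_', database)
    files[f'/etc/backup-pre-hooks.d/50-ldapdump-{cleaned}'] = {
        # The database name is sanitised for the file name above but was
        # written into the script body as-is. quote() makes the shell pass it
        # to slapdump as exactly one literal argument, so whitespace or shell
        # metacharacters in the metadata value cannot split the argument or
        # be interpreted by /bin/sh. Values made only of shell-safe characters
        # (letters, digits, '=', ',', '.', '-', ...) are emitted unchanged.
        'content': f'#!/bin/sh\n/usr/local/sbin/slapdump {quote(database)}\n',
        'mode': '0755',
    }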