#!/usr/bin/python
# coding: utf-8

# (c) 2022, Johanna Dorothea Reichmann <transcaffeine@finally.coffee>

__metaclass__ = type

import traceback

from ansible.module_utils.basic import AnsibleModule

from ansible_collections.finallycoffee.proxmox.plugins.module_utils.common import *
from ansible_collections.finallycoffee.proxmox.plugins.module_utils.proxmox_datacenter_realm import *


LIB_IMP_ERR = None
try:
    from ansible_collections.finallycoffee.proxmox.plugins.module_utils.proxmox_datacenter_realm import set_realm_data
    HAS_LIB = True
except:
    HAS_LIB = False
    LIB_IMP_ERR = traceback.format_exc()


DOCUMENTATION = r'''
---
module: realm
author:
- Johanna Dorothea Reichmann (transcaffeine@finally.coffee)
requirements:
    - python >= 3.9
short_description: Configures an authentication realm in a proxmox node
description:
    - "Configue realm in a proxmox instance"
options:
    proxmox_instance:
        description: Location of the proxmox API with scheme, domain name/ip and port, e.g. https://localhost:8006
        type: str
        required: true
    proxmox_api_token_id:
        description: The token ID containing username, realm and token name (format: user@realm!name)
        type: str
        required: true
    proxmox_api_secret:
        description: The secret
        type: str
        required: true
    proxmox_api_verify_cert:
        description: If the certificate presented for `proxmox_instance_url` should be verified
        type: bool
        required: false
        default: true
    name:
        description: Realm to retrieve information about. If left omitted, return all realms
        type: str
        required: false
    config:
        description: Configuration of the realm, including it's `type`. See https://pve.proxmox.com/pve-docs/api-viewer/index.html#/access/domains for a list of config options
        type: dict[str, str]
        required: true
    state:
        description: If the realm should be present or absent
        type: str
        choices: [present, absent]
        default: present
        required: false
'''

EXAMPLES = r'''
- name: Configure LDAP realm
  finallycoffee.proxmox.realm:
    proxmox_instance: https://my.proxmox-node.local:8006
    promox_api_token_id: root@pam!token
    proxmox_api_secret: supersecuretokencontent
    realms: org_ldap
    config:
      type: ldap
      comment: Long description of the authentication source
      base_dn: dc=myorg,dc=de
      bind_dn: uid=proxmox,dc=services,dc=myorg,dc=de
      passwort: supersecret
      mode: ldap
      server1: ldap.myorg.de
      port: 389
      default: 1
      user_attr: uid
- name: Configure OIDC realm
  finallycoffee.proxmox.realm:
    proxmox_instance: https://my.proxmox-node.local:8006
    promox_api_token_id: root@pam!token
    proxmox_api_secret: supersecuretokencontent
    realm: external_oidc
    config:
      type: openid
      issuer-url: https://idp.my-org.de/issuer
      client_id: myapp
      client_key: secret
      scopes: profile email
      username-claim: sub
'''

RETURN = r'''
realm:
    description: The updated/created realm
    returned: When realms were found (matching the filter)
    type: list
    elements: dict[str, str, str, str]

'''


def main():
    _ = dict
    module = AnsibleModule(
        argument_spec=_(
            proxmox_instance=_(required=True, type='str'),
            proxmox_api_token_id=_(required=True, type='str'),
            proxmox_api_secret=_(type='str', required=True, no_log=True),
            proxmox_api_verify_cert=_(type='bool', required=False, default=True),
            name=_(required=True, type='str'),
            config=_(required=True, type='dict'),
            state=_(type='str', required=False, default='present', choices=['present', 'absent'])
        ),
        supports_check_mode=True
    )

    result = _(
        changed=False,
        diff={},
        message=''
    )

    realms = []
    try:
        realm_change = set_realm_data(ProxmoxAuthInfo(
            module.params['proxmox_instance'],
            module.params['proxmox_api_token_id'],
            module.params['proxmox_api_secret'],
            module.params['proxmox_api_verify_cert'],
        ),
        module.params['name'],
        module.params['config'],
        module.check_mode,
        module.params['state'])
    except IOError as owie:
        result['msg'] = owie
        module.exit_json(**result)

    diff_excluded_keys = ['name', 'password', 'digest']
    result['realm'] = realm_change[1]
    result['diff'] = {
        'before_header': f"{realm_change[0].get('name', module.params['name'])}@{realm_change[0]['type']}" if realm_change[0] and 'type' in realm_change[0] else '',
        'after_header': f"{realm_change[1].get('name', module.params['name'])}@{realm_change[1]['type']}" if realm_change[1] and 'type' in realm_change[1] else '',
        'before': {k: v for k, v in realm_change[0].items() if k not in diff_excluded_keys} if realm_change[0] else realm_change[0],
        'after': {k: v for k, v in realm_change[1].items() if k not in diff_excluded_keys} if realm_change[1] else realm_change[1],
    }
    result['changed'] = realm_change[0] != realm_change[1]

    module.exit_json(**result)


if __name__ == '__main__':
    main()