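#!/usr/bin/python
# coding: utf-8

# (c) 2022, Johanna Dorothea Reichmann

__metaclass__ = type

import traceback

from ansible.module_utils.basic import AnsibleModule
# ProxmoxAuthInfo is not defined in this file; presumably it is provided by
# one of the two wildcard imports below (verify against module_utils).
from ansible_collections.finallycoffee.proxmox.plugins.module_utils.common import *
from ansible_collections.finallycoffee.proxmox.plugins.module_utils.proxmox_datacenter_realm import *

LIB_IMP_ERR = None
try:
    from ansible_collections.finallycoffee.proxmox.plugins.module_utils.proxmox_datacenter_realm import do_realm_sync
    HAS_LIB = True
except ImportError:
    # Keep the traceback so main() can report the import failure through
    # fail_json instead of crashing later with a NameError.
    HAS_LIB = False
    LIB_IMP_ERR = traceback.format_exc()

DOCUMENTATION = r'''
---
module: realm_sync
author:
  - Johanna Dorothea Reichmann (transcaffeine@finally.coffee)
requirements:
  - python >= 3.9
short_description: Ensures a realm is synchronized
description:
  - "Allows synchronizing users, groups or both using the realm sync mechanism"
options:
  proxmox_instance:
    description: Location of the proxmox API with scheme, domain name/ip and port, e.g. https://localhost:8006
    type: str
    required: true
  proxmox_api_token_id:
    description: "The token ID containing username, realm and token name (format: user@realm!name)"
    type: str
    required: true
  proxmox_api_secret:
    description: The secret
    type: str
    required: true
  proxmox_api_verify_cert:
    description: If the certificate presented for `proxmox_instance` should be verified
    type: bool
    required: false
    default: true
  name:
    description: Realm to schedule synchronize job for
    type: str
    required: true
  config:
    description: >-
      Configuration for the synchronization.
      See https://pve.proxmox.com/pve-docs/api-viewer/index.html#/access/domains/{realm}/sync
      for a list of parameters
    type: dict
    required: true
'''

EXAMPLES = r'''
- name: Sync only users on realm 'org_ldap', deleting users who can't be found anymore
  finallycoffee.proxmox.realm_sync:
    proxmox_instance: https://my.proxmox-node.local:8006
    proxmox_api_token_id: root@pam!token
    proxmox_api_secret: supersecuretokencontent
    name: org_ldap
    config:
      enable-new: true
      remove-vanished: entry
      scope: users

- name: Sync groups and users and delete all ACLs on vanished groups and/or users
  finallycoffee.proxmox.realm_sync:
    proxmox_instance: https://my.proxmox-node.local:8006
    proxmox_api_token_id: root@pam!token
    proxmox_api_secret: supersecuretokencontent
    name: org_ldap
    config:
      enable-new: true
      remove-vanished: acl;properties;entry
      scope: both
'''

RETURN = r'''
'''


def main():
    """Run a Proxmox realm synchronization as an Ansible module.

    Builds the argument spec, passes the API credentials, the realm name, the
    sync configuration and the check-mode flag to ``do_realm_sync`` and
    reports the outcome. An ``IOError`` raised by the sync fails the task
    instead of being returned as a successful result, so a playbook cannot
    treat a sync that never ran (stale users, groups or ACLs left in place)
    as completed.
    """
    module = AnsibleModule(
        argument_spec=dict(
            proxmox_instance=dict(required=True, type='str'),
            proxmox_api_token_id=dict(required=True, type='str'),
            # no_log keeps the token secret out of logged module arguments.
            proxmox_api_secret=dict(type='str', required=True, no_log=True),
            # Verification is on by default; with it disabled the API token is
            # sent over a TLS session whose peer has not been authenticated.
            proxmox_api_verify_cert=dict(type='bool', required=False, default=True),
            name=dict(required=True, type='str'),
            config=dict(required=True, type='dict'),
        ),
        supports_check_mode=True,
    )

    result = dict(
        changed=False,
        diff={},
        message='',
    )

    if not HAS_LIB:
        # do_realm_sync could not be imported; report why and stop here.
        module.fail_json(
            msg='Failed to import do_realm_sync from the proxmox_datacenter_realm module utilities',
            exception=LIB_IMP_ERR,
        )

    try:
        do_realm_sync(
            ProxmoxAuthInfo(
                module.params['proxmox_instance'],
                module.params['proxmox_api_token_id'],
                module.params['proxmox_api_secret'],
                module.params['proxmox_api_verify_cert'],
            ),
            module.params['name'],
            module.params['config'],
            module.check_mode,
        )
    except IOError as owie:
        # The exception object itself is not JSON-serializable; return its text
        # and mark the task as failed rather than exiting with success.
        result['msg'] = str(owie)
        module.fail_json(**result)

    # NOTE(review): the return value of do_realm_sync is ignored, so every
    # successful run (check mode included) reports changed=True - confirm
    # whether the helper can signal that nothing was synchronized.
    result['changed'] = True

    module.exit_json(**result)


if __name__ == '__main__':
    main()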