#    Copyright 2017 FUJITSU LIMITED
#    All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#

from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
from osc_lib.utils import columns as column_util
from oslo_log import log as logging

from neutronclient._i18n import _
from neutronclient.common import utils as nc_utils
from neutronclient.osc import utils as osc_utils
from neutronclient.osc.v2.vpnaas import utils as vpn_utils


LOG = logging.getLogger(__name__)

_attr_map = (
    ('id', 'ID', column_util.LIST_BOTH),
    ('name', 'Name', column_util.LIST_BOTH),
    ('auth_algorithm', 'Authentication Algorithm', column_util.LIST_BOTH),
    ('encapsulation_mode', 'Encapsulation Mode', column_util.LIST_BOTH),
    ('transform_protocol', 'Transform Protocol', column_util.LIST_BOTH),
    ('encryption_algorithm', 'Encryption Algorithm', column_util.LIST_BOTH),
    ('pfs', 'Perfect Forward Secrecy (PFS)', column_util.LIST_LONG_ONLY),
    ('description', 'Description', column_util.LIST_LONG_ONLY),
    ('tenant_id', 'Project', column_util.LIST_LONG_ONLY),
    ('lifetime', 'Lifetime', column_util.LIST_LONG_ONLY),
)


def _convert_to_lowercase(string):
    return string.lower()


def _get_common_parser(parser):
    parser.add_argument(
        '--description',
        metavar='<description>',
        help=_('Description of the IPsec policy'))
    parser.add_argument(
        '--auth-algorithm',
        choices=['sha1', 'sha256', 'sha384', 'sha512'],
        type=_convert_to_lowercase,
        help=_('Authentication algorithm for IPsec policy'))
    parser.add_argument(
        '--encapsulation-mode',
        choices=['tunnel', 'transport'],
        type=_convert_to_lowercase,
        help=_('Encapsulation mode for IPsec policy'))
    parser.add_argument(
        '--encryption-algorithm',
        choices=['3des', 'aes-128', 'aes-192', 'aes-256'],
        type=_convert_to_lowercase,
        help=_('Encryption algorithm for IPsec policy'))
    parser.add_argument(
        '--lifetime',
        metavar="units=UNITS,value=VALUE",
        type=nc_utils.str2dict_type(optional_keys=['units', 'value']),
        help=vpn_utils.lifetime_help("IPsec"))
    parser.add_argument(
        '--pfs',
        choices=['group2', 'group5', 'group14'],
        type=_convert_to_lowercase,
        help=_('Perfect Forward Secrecy for IPsec policy'))
    parser.add_argument(
        '--transform-protocol',
        type=_convert_to_lowercase,
        choices=['esp', 'ah', 'ah-esp'],
        help=_('Transform protocol for IPsec policy'))


def _get_common_attrs(client_manager, parsed_args, is_create=True):
    attrs = {}
    if is_create:
        if 'project' in parsed_args and parsed_args.project is not None:
            attrs['tenant_id'] = osc_utils.find_project(
                client_manager.identity,
                parsed_args.project,
                parsed_args.project_domain,
            ).id
    if parsed_args.description:
        attrs['description'] = str(parsed_args.description)
    if parsed_args.auth_algorithm:
        attrs['auth_algorithm'] = parsed_args.auth_algorithm
    if parsed_args.encapsulation_mode:
        attrs['encapsulation_mode'] = parsed_args.encapsulation_mode
    if parsed_args.transform_protocol:
        attrs['transform_protocol'] = parsed_args.transform_protocol
    if parsed_args.encryption_algorithm:
        attrs['encryption_algorithm'] = parsed_args.encryption_algorithm
    if parsed_args.pfs:
        attrs['pfs'] = parsed_args.pfs
    if parsed_args.lifetime:
        vpn_utils.validate_lifetime_dict(parsed_args.lifetime)
        attrs['lifetime'] = parsed_args.lifetime
    return attrs


class CreateIPsecPolicy(command.ShowOne):
    _description = _("Create an IPsec policy")

    def get_parser(self, prog_name):
        parser = super(CreateIPsecPolicy, self).get_parser(prog_name)
        _get_common_parser(parser)
        parser.add_argument(
            'name',
            metavar='<name>',
            help=_('Name of the IPsec policy'))
        osc_utils.add_project_owner_option_to_parser(parser)
        return parser

    def take_action(self, parsed_args):
        client = self.app.client_manager.neutronclient
        attrs = _get_common_attrs(self.app.client_manager, parsed_args)
        if parsed_args.name:
            attrs['name'] = str(parsed_args.name)
        obj = client.create_ipsecpolicy({'ipsecpolicy': attrs})['ipsecpolicy']
        columns, display_columns = column_util.get_columns(obj, _attr_map)
        data = utils.get_dict_properties(obj, columns)
        return display_columns, data


class DeleteIPsecPolicy(command.Command):
    _description = _("Delete IPsec policy(policies)")

    def get_parser(self, prog_name):
        parser = super(DeleteIPsecPolicy, self).get_parser(prog_name)
        parser.add_argument(
            'ipsecpolicy',
            metavar='<ipsec-policy>',
            nargs='+',
            help=_('ipsec policy to delete (name or ID)'))
        return parser

    def take_action(self, parsed_args):
        client = self.app.client_manager.neutronclient
        result = 0
        for ipsec in parsed_args.ipsecpolicy:
            try:
                ipsec_id = client.find_resource(
                    'ipsecpolicy', ipsec, cmd_resource='ipsecpolicy')['id']
                client.delete_ipsecpolicy(ipsec_id)
            except Exception as e:
                result += 1
                LOG.error(_("Failed to delete IPsec policy with "
                            "name or ID '%(ipsecpolicy)s': %(e)s"),
                          {'ipsecpolicy': ipsec, 'e': e})

        if result > 0:
            total = len(parsed_args.ipsecpolicy)
            msg = (_("%(result)s of %(total)s IPsec policy failed "
                     "to delete.") % {'result': result, 'total': total})
            raise exceptions.CommandError(msg)


class ListIPsecPolicy(command.Lister):
    _description = _("List IPsec policies that belong to a given project")

    def get_parser(self, prog_name):
        parser = super(ListIPsecPolicy, self).get_parser(prog_name)
        parser.add_argument(
            '--long',
            action='store_true',
            default=False,
            help=_("List additional fields in output")
        )
        return parser

    def take_action(self, parsed_args):
        client = self.app.client_manager.neutronclient
        obj = client.list_ipsecpolicies()['ipsecpolicies']
        headers, columns = column_util.get_column_definitions(
            _attr_map, long_listing=parsed_args.long)
        return (headers, (utils.get_dict_properties(s, columns) for s in obj))


class SetIPsecPolicy(command.Command):
    _description = _("Set IPsec policy properties")

    def get_parser(self, prog_name):
        parser = super(SetIPsecPolicy, self).get_parser(prog_name)
        _get_common_parser(parser)
        parser.add_argument(
            '--name',
            metavar='<name>',
            help=_('Name of the IPsec policy'))
        parser.add_argument(
            'ipsecpolicy',
            metavar='<ipsec-policy>',
            help=_('IPsec policy to set (name or ID)'))
        return parser

    def take_action(self, parsed_args):
        client = self.app.client_manager.neutronclient
        attrs = _get_common_attrs(self.app.client_manager,
                                  parsed_args, is_create=False)
        if parsed_args.name:
            attrs['name'] = str(parsed_args.name)
        ipsec_id = client.find_resource(
            'ipsecpolicy', parsed_args.ipsecpolicy,
            cmd_resource='ipsecpolicy')['id']
        try:
            client.update_ipsecpolicy(ipsec_id, {'ipsecpolicy': attrs})
        except Exception as e:
            msg = (_("Failed to set IPsec policy '%(ipsec)s': %(e)s")
                   % {'ipsec': parsed_args.ipsecpolicy, 'e': e})
            raise exceptions.CommandError(msg)


class ShowIPsecPolicy(command.ShowOne):
    _description = _("Display IPsec policy details")

    def get_parser(self, prog_name):
        parser = super(ShowIPsecPolicy, self).get_parser(prog_name)
        parser.add_argument(
            'ipsecpolicy',
            metavar='<ipsec-policy>',
            help=_('IPsec policy to display (name or ID)'))
        return parser

    def take_action(self, parsed_args):
        client = self.app.client_manager.neutronclient
        ipsec_id = client.find_resource(
            'ipsecpolicy', parsed_args.ipsecpolicy,
            cmd_resource='ipsecpolicy')['id']
        obj = client.show_ipsecpolicy(ipsec_id)['ipsecpolicy']
        columns, display_columns = column_util.get_columns(obj, _attr_map)
        data = utils.get_dict_properties(obj, columns)
        return (display_columns, data)