#!/usr/bin/python
##
## SecurePass CLI tools utilities
## Create/update SecurePass configuration file
## to be used in cloudinit, kickstart or similar technologies
##
## (c) 2013 Giuseppe Paterno' (gpaterno@gpaterno.com)
##          GARL Sagl (www.garl.ch)
##


import logging
from optparse import OptionParser
import ConfigParser
import sys, os
import fileinput


parser = OptionParser(usage="""Create/update SecurePass configuration file

%prog [options]""")


parser.add_option('-D', '--debug',
                  action='store_true', dest="debug_flag",
	              help="Enable debug output",)

parser.add_option('-c', '--config',
                  default='/etc/securepass.conf',
                  action='store', dest="configfile",
	              help="Config file",)

parser.add_option('-i', '--appid',
                  default=None,
                  action='store', dest="appid",
	              help="Application ID",)

parser.add_option('-e', '--endpoint',
                  default='https://beta.secure-pass.net',
                  action='store', dest="endpoint",
	              help="Endpoint URL",)

parser.add_option('-s', '--appsecret',
                  default=None,
                  action='store', dest="appsecret",
	              help="Application Secret",)

parser.add_option('-r', '--realm',
                  default=None,
                  action='store', dest="realm",
	              help="Default Domain/Realm (and allow NSS login)",)

parser.add_option('--root',
                  default=None,
                  action='store', dest="root",
	              help="Coma separated list of allowed root users",)


opts, args = parser.parse_args()


## Set debug
FORMAT = '%(asctime)-15s %(levelname)s: %(message)s'
if opts.debug_flag:
    logging.basicConfig(format=FORMAT, level=logging.DEBUG)
else:
    logging.basicConfig(format=FORMAT, level=logging.INFO)

# Fixup of the DEFAULT
def replace_word(infile,old_word,new_word):
    if not os.path.isfile(infile):
        print ("Error on replace_word, not a regular file: "+infile)
        sys.exit(1)

    f1=open(infile,'r').read()
    f2=open(infile,'w')
    m=f1.replace(old_word,new_word)
    f2.write(m)

## Open the file
config = ConfigParser.RawConfigParser()
logging.debug("Config file is: %s" % opts.configfile)

# Before updating, we need to setup default ot DEFAULT :(
# blaming configparser here :(
replace_word(opts.configfile, "[default]", "[DEFAULT]")

# Open and update
config.read(opts.configfile)

if opts.appid is not None:
    config.set("DEFAULT", "app_id", opts.appid)

if opts.appsecret is not None:
    config.set("DEFAULT", "app_secret", opts.appsecret)

# Endpoint
config.set("DEFAULT", "endpoint", opts.endpoint)

# Set the realm
if opts.realm is not None:
   # It might be that the section is just not there
   # if not, let's create and populate defaults
   if not config.has_section("nss"):
       config.add_section("nss")

   if not config.has_option("nss", "default_gid"):
       config.set("nss", "default_gid", 100)

   if not config.has_option("nss", "default_home"):
       config.set("nss", "default_home", '"/home"')

   if not config.has_option("nss", "default_shell"):
       config.set("nss", "default_shell", '"/bin/bash"')

   config.set("nss", "realm", opts.realm)

# Set root users
if opts.root is not None:
    # Create the section if is not there
    if not config.has_section("ssh"):
        config.add_section("ssh")

    config.set("ssh", "root", opts.root)

# Final write
with open(opts.configfile, 'w') as inifile:
   config.write(inifile)
    

# Fixup for [DEFAULT] in uppercase
replace_word(opts.configfile, "[DEFAULT]", "[default]")