import socket

import paramiko

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts('parameters-mandatory')


def test_apt_proxy(File):
    """
    Tests if proxy configuration for apt is missing.
    """

    assert not File('/etc/apt/apt.conf.d/00proxy').exists


def test_bash_prompt_content(File):
    """
    Tests if bash prompt configuration file has not colouring and ID information
    contained within.
    """

    bash_prompt = File('/etc/profile.d/bash_prompt.sh')

    assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0m\\]\\u@\\h:\\w\\$ \\[\\033[0m\\]'" in bash_prompt.content
    assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '" in bash_prompt.content


def test_ssh_login_mechanisms():
    """
    Tests available SSH login mechanisms (should be just public key).
    """

    sock = socket.socket()
    sock.connect(('10.31.127.3', 22))

    transport = paramiko.transport.Transport(sock)
    transport.connect()

    try:
        transport.auth_none('')
    except paramiko.transport.BadAuthenticationType, err:
        assert err.allowed_types == ['publickey']


def test_mariadb_mysql_config_symlink(File, Sudo):
    """
    Tests if symbolic link has been set-up for mariadb_config binary to be
    accessible as mysql_config as well. (should not be present with just
    mandatory options set).
    """

    mysql_config = File('/usr/bin/mysql_config')

    assert not mysql_config.exists


def test_emacs_electric_indent_mode(File):
    """
    Tests if Emacs electric indent mode has been disabled via custom
    configuration file. With just mandatory options set, the file should not be
    present.
    """

    emacs_config = File('/etc/emacs/site-start.d/01disable-electric-indent-mode')

    assert not emacs_config.exists


def test_ferm_base_rules(Command, File, Sudo):
    """
    Test if base ferm configuration has been deployed correctly (content-wise).
    """

    with Sudo():
        ferm_base = File('/etc/ferm/conf.d/00-base.conf')

        assert "mod hashlimit hashlimit 3/second hashlimit-burst 9" in ferm_base.content

        iptables = Command('iptables-save')

        assert iptables.rc == 0
        assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
        assert "-A flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout

        ip6tables = Command('ip6tables-save')
        assert ip6tables.rc == 0
        assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
        assert "-A flood -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in ip6tables.stdout


def test_pipreqcheck_virtualenv_user(Group, User):
    """
    Tests if user/group for running the pip requirements upgrade checks have
    been created correctly.
    """

    group = Group('pipreqcheck')
    assert group.exists
    assert group.gid == 1001

    user = User('pipreqcheck')
    assert user.exists
    assert user.home == '/var/lib/pipreqcheck'
    assert user.uid == 1001
    assert user.group == 'pipreqcheck'
    assert user.groups == ['pipreqcheck']


def test_backup_configuration_absent(File, Sudo):
    """
    Tests if backup configuration is absent. This should be the case when only
    mandatory parameters are provided.
    """

    with Sudo():
        assert not File('/etc/duply/main/patterns/common').exists