import os

import testinfra.utils.ansible_runner

import pytest


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional'])


def test_pam_umask(host):
    """
    Tests configuration of PAM umask module.
    """

    pam_auth_update_config = host.file('/usr/share/pam-configs/umask')
    assert pam_auth_update_config.exists
    assert pam_auth_update_config.user == 'root'
    assert pam_auth_update_config.group == 'root'
    assert pam_auth_update_config.mode == 0o644

    assert host.file('/etc/pam.d/common-session').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
    assert host.file('/etc/pam.d/common-session-noninteractive').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')


def test_login_umask(host):
    """
    Tests set-up of default UMASK via /etc/login.defs.
    """

    assert host.file('/etc/login.defs').contains('UMASK[[:blank:]]\+027')


def test_adduser_umask(host):
    """
    Tests UMASK configuration used for creating user home directory.
    """

    assert host.file('/etc/adduser.conf').contains('DIR_MODE=0750')


def test_bash_prompt(host):
    """
    Tests file permissions on custom bash prompt configuration.
    """

    bash_prompt = host.file('/etc/profile.d/bash_prompt.sh')

    assert bash_prompt.exists
    assert bash_prompt.user == 'root'
    assert bash_prompt.group == 'root'
    assert bash_prompt.mode == 0o644


def test_home_profile_d(host):
    """
    Tests deployment of special profile file used for enabling profile.d-like
    capability in user's home directory.
    """

    home_profile_d = host.file('/etc/profile.d/z99-user_profile_d.sh')

    assert home_profile_d.is_file
    assert home_profile_d.user == 'root'
    assert home_profile_d.group == 'root'
    assert home_profile_d.mode == 0o644


def test_home_skeleton_bashrc(host):
    """
    Tests deployment of home directory skeleton bashrc.
    """

    bashrc = host.file('/etc/skel/.bashrc')

    assert bashrc.is_file
    assert bashrc.user == 'root'
    assert bashrc.group == 'root'
    assert bashrc.mode == 0o644
    assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'


def test_default_bashrc(host):
    """
    Tests deployment of default bashrc file.
    """

    bashrc = host.file('/etc/bash.bashrc')

    assert bashrc.is_file
    assert bashrc.user == 'root'
    assert bashrc.group == 'root'
    assert bashrc.mode == 0o644


def test_root_bashrc(host):
    """
    Tests overwriting of root's bashrc configuration with default one.
    """

    with host.sudo():
        bashrc = host.file('/root/.bashrc')

        assert bashrc.is_file
        assert bashrc.user == 'root'
        assert bashrc.group == 'root'
        assert bashrc.mode == 0o640
        assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'


def test_installed_packages(host):
    """
    Tests installation of required packages.
    """

    assert host.package('sudo').is_installed
    assert host.package('ssl-cert').is_installed
    assert host.package('rcconf').is_installed
    assert host.package('ferm').is_installed
    assert host.package('apticron').is_installed
    assert host.package('virtualenv').is_installed


def test_root_remote_login_disabled(host):
    """
    Tests if SSH server has been configured to prevent remote root logins.
    """

    assert 'PermitRootLogin no' in host.file('/etc/ssh/sshd_config').content


def test_remote_login_via_password_disabled(host):
    """
    Tests if SSH server has been configured to disable password-based
    authentication.
    """

    assert 'PasswordAuthentication no' in host.file('/etc/ssh/sshd_config').content


def test_ferm_service_configuration(host):

    ferm_service_config = host.file('/etc/default/ferm')

    assert ferm_service_config.is_file
    assert ferm_service_config.user == 'root'
    assert ferm_service_config.group == 'root'
    assert ferm_service_config.mode == 0o644
    assert 'FAST=yes' in ferm_service_config.content
    assert 'CACHE=no' in ferm_service_config.content
    assert 'ENABLED="yes"' in ferm_service_config.content


def test_ferm_configuration_directory(host):
    """
    Tests creation of ferm configuration directory.
    """

    with host.sudo():
        ferm_dir = host.file('/etc/ferm/conf.d')

        assert ferm_dir.is_directory
        assert ferm_dir.user == 'root'
        assert ferm_dir.group == 'root'
        assert ferm_dir.mode == 0o750


def test_ferm_configuration(host):
    """
    Tests deployment of basic ferm configuration files.
    """

    with host.sudo():

        ferm_configuration = host.file('/etc/ferm/ferm.conf')
        assert ferm_configuration.is_file
        assert ferm_configuration.user == 'root'
        assert ferm_configuration.group == 'root'
        assert ferm_configuration.mode == 0o640
        assert "@include '/etc/ferm/conf.d/';" in ferm_configuration.content

        ferm_base = host.file('/etc/ferm/conf.d/00-base.conf')
        assert ferm_base.is_file
        assert ferm_base.user == 'root'
        assert ferm_base.group == 'root'
        assert ferm_base.mode == 0o640


def test_ferm_service(host):
    """
    Tests if ferm is started and enabled to start automatically on boot.
    """

    ferm = host.service('ferm')

    assert ferm.is_running
    assert ferm.is_enabled


def test_check_certificate_script(host):

    check_certificate = host.file('/usr/local/bin/check_certificate.sh')

    assert check_certificate.is_file
    assert check_certificate.user == 'root'
    assert check_certificate.group == 'root'
    assert check_certificate.mode == 0o755


def test_check_certificate_directory(host):

    check_certificate_dir = host.file('/etc/check_certificate')

    assert check_certificate_dir.is_directory
    assert check_certificate_dir.user == 'root'
    assert check_certificate_dir.group == 'root'
    assert check_certificate_dir.mode == 0o755


def test_check_certificate_crontab(host):
    """
    Tests deployment of cron job for checking certificates.
    """

    check_certificate_crontab = host.file('/etc/cron.d/check_certificate')

    assert check_certificate_crontab.is_file
    assert check_certificate_crontab.user == 'root'
    assert check_certificate_crontab.group == 'root'
    assert check_certificate_crontab.mode == 0o644
    assert "0 0 * * * nobody /usr/local/bin/check_certificate.sh -q expiration" in check_certificate_crontab.content


@pytest.mark.parametrize('virtualenv_activate_path', [
    '/var/lib/pipreqcheck/virtualenv/bin/activate',
    '/var/lib/pipreqcheck/virtualenv-py3/bin/activate',
])
def test_pipreqcheck_virtualenv(host, virtualenv_activate_path):
    """
    Tests creation of Python virtual environment used for performing pip
    requirements upgrade checks.
    """

    with host.sudo():
        virtualenv_activate = host.file(virtualenv_activate_path)

        assert virtualenv_activate.is_file
        assert virtualenv_activate.user == 'pipreqcheck'
        assert virtualenv_activate.group == 'pipreqcheck'
        # @TODO: Possibly due to some timing issues, this file might
        # sometimes end-up being 0640, sometimes 0644.
        # assert virtualenv_activate.mode == 0o644


@pytest.mark.parametrize('config_dir', [
    '/etc/pip_check_requirements_upgrades',
    '/etc/pip_check_requirements_upgrades-py3',
])
def test_pipreqcheck_directories(host, config_dir):
    """
    Tests creation of directories used for storing configuration used by script
    that performs pip requirements upgrade checks.
    """

    with host.sudo():
        pipreqcheck_config_directory = host.file(config_dir)
        assert pipreqcheck_config_directory.is_directory
        assert pipreqcheck_config_directory.user == 'root'
        assert pipreqcheck_config_directory.group == 'pipreqcheck'
        assert pipreqcheck_config_directory.mode == 0o750

        pipreqcheck_config_directory_pipreqcheck = host.file(os.path.join(config_dir, 'pipreqcheck'))
        assert pipreqcheck_config_directory_pipreqcheck.is_directory
        assert pipreqcheck_config_directory_pipreqcheck.user == 'root'
        assert pipreqcheck_config_directory_pipreqcheck.group == 'pipreqcheck'
        assert pipreqcheck_config_directory_pipreqcheck.mode == 0o750


@pytest.mark.parametrize('requirements_in_path, requirements_txt_path', [
    ('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in',
     '/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt'),
    ('/etc/pip_check_requirements_upgrades-py3/pipreqcheck/requirements.in',
     '/etc/pip_check_requirements_upgrades-py3/pipreqcheck/requirements.txt'),
])
def test_pipreqcheck_requirements(host, requirements_in_path, requirements_txt_path):
    """
    Tests deployment of requirements input and text file used for virtual
    environment utilised by script that perform pip requirements upgrade checks.
    """

    with host.sudo():
        requirements_in = host.file(requirements_in_path)
        assert requirements_in.is_file
        assert requirements_in.user == 'root'
        assert requirements_in.group == 'pipreqcheck'
        assert requirements_in.mode == 0o640

        requirements_txt = host.file(requirements_txt_path)
        requirements_txt.is_file
        assert requirements_txt.user == 'root'
        assert requirements_txt.group == 'pipreqcheck'
        assert requirements_txt.mode == 0o640


@pytest.mark.parametrize('pip_path', [
    '/var/lib/pipreqcheck/virtualenv/bin/pip',
    '/var/lib/pipreqcheck/virtualenv-py3/bin/pip',
])
def test_pipreqcheck_packages(host, pip_path):
    """
    Tests if Python virtual environment used for running the pip requirements
    upgrade checks has correct version of pip installed.
    """

    with host.sudo():
        packages = host.pip_package.get_packages(pip_path=pip_path)

        assert packages['pip']['version'].rsplit('.', 1)[0] == '18'
        assert 'pip-tools' in packages


def test_pipreqcheck_script(host):
    """
    Tests script used for performing pip requirements upgrade checks.
    """

    pipreqcheck_script = host.file('/usr/local/bin/pip_check_requirements_upgrades.sh')

    assert pipreqcheck_script.is_file
    assert pipreqcheck_script.user == 'root'
    assert pipreqcheck_script.group == 'root'
    assert pipreqcheck_script.mode == 0o755


@pytest.mark.parametrize('crontab_path, virtualenv_path', [
    ('/etc/cron.d/check_pip_requirements', '/var/lib/pipreqcheck/virtualenv'),
    ('/etc/cron.d/check_pip_requirements-py3', '/var/lib/pipreqcheck/virtualenv-py3'),
])
def test_pipreqcheck_crontab(host, crontab_path, virtualenv_path):
    """
    Tests if crontab entry is set-up correctly for running the pip requirements
    upgrade checks.
    """

    crontab = host.file(crontab_path)

    assert crontab.is_file
    assert crontab.user == 'root'
    assert crontab.group == 'root'
    assert crontab.mode == 0o644
    assert "MAILTO=root" in crontab.content
    assert virtualenv_path in crontab.content.split(" ")