import os

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional'])


def test_installed_packages(host):
    """
    Tests if all the necessary packages have been installed.
    """

    assert host.package('slapd').is_installed
    assert host.package('python-ldap').is_installed


def test_ldap_user_group(host):
    """
    Tests if LDAP server user is part of group that allows it to traverse TLS
    private keys directory.
    """

    assert "ssl-cert" in host.user('openldap').groups


def test_ldap_server_service_sockets_and_ports(host):
    """
    Tests if LDAP server has been configured to listen on correct sockets.
    """

    assert host.socket('tcp://389').is_listening
    assert host.socket('tcp://636').is_listening
    assert host.socket('unix:///var/run/slapd/ldapi').is_listening


def test_ldap_server_service(host):
    """
    Tests if the LDAP service is enabled and running.
    """

    service = host.service('slapd')

    assert service.is_enabled
    assert service.is_running


def test_syslog_configuration(host):
    """
    Tests if syslog configuration file has been deployed, and log file was
    created correctly (and is being logged to).
    """

    config = host.file('/etc/rsyslog.d/slapd.conf')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644

    with host.sudo():
        log = host.file('/var/log/slapd.log')
        assert log.is_file
        assert 'slapd' in log.content


def test_log_rotation_configuration(host):
    """
    Tests if log rotation configuration file has been deployed correctly and has
    valid syntax.
    """

    config = host.file('/etc/logrotate.d/slapd')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644

    with host.sudo():

        assert host.run('logrotate /etc/logrotate.d/slapd').rc == 0


def test_misc_schema_presence(host):
    """
    Tests if the misc LDAP schema has been imported.
    """

    with host.sudo():

        misc_schema = host.run('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=config dn')
        assert misc_schema.rc == 0
        assert 'dn: cn={4}misc,cn=schema,cn=config' in misc_schema.stdout


def test_memberof_module(host):
    """
    Tests if the memberof overlay has been enabled for the main database.
    """

    with host.sudo():
        memberof = host.run('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=config dn')

        assert memberof.rc == 0
        assert 'dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config' in memberof.stdout


def test_basic_directory_structure(host):
    """
    Tests if the base LDAP directory structure has been set-up correctly.
    """

    with host.sudo():

        ous = ["people", "groups", "services"]

        for ou in ous:

            entry = host.run('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=%s,dc=local' % ou)

            assert entry.rc == 0
            assert entry.stdout == """dn: ou=%(ou)s,dc=local
objectClass: organizationalUnit
ou: %(ou)s""" % {'ou': ou}


def test_mail_service_entries(host):
    """
    Tests if the mail service entries have been set-up correctly.
    """

    with host.sudo():

        entry = host.run('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=mail,ou=services,dc=local')
        assert entry.rc == 0
        assert entry.stdout == """dn: ou=mail,ou=services,dc=local
objectClass: organizationalUnit
ou: mail"""

        entry = host.run('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=domains,ou=mail,ou=services,dc=local')
        assert entry.rc == 0
        assert entry.stdout == """dn: ou=domains,ou=mail,ou=services,dc=local
objectClass: organizationalUnit
ou: domains"""

        entry = host.run('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=aliases,ou=mail,ou=services,dc=local')
        assert entry.rc == 0
        assert entry.stdout == """dn: ou=aliases,ou=mail,ou=services,dc=local
objectClass: organizationalUnit
ou: aliases"""


def test_firewall_configuration_file(host):
    """
    Tests if firewall configuration file has been deployed correctly.
    """

    with host.sudo():

        config = host.file('/etc/ferm/conf.d/10-ldap.conf')

        assert config.is_file
        assert config.user == 'root'
        assert config.group == 'root'
        assert config.mode == 0o640


def test_admin_password(host):
    """
    Tests if administrator password has been set correctly.
    """

    login = host.run("ldapwhoami -H ldapi:/// -x -w adminpassword -D cn=admin,dc=local")

    assert login.rc == 0
    assert login.stdout == "dn:cn=admin,dc=local"


def test_temporary_admin_password_file_not_present(host):
    """
    Tests if the file that temporarily contains the LDAP adminstrator password
    has been removed.
    """

    with host.sudo():
        assert not host.file('/root/.ldap_admin_password').exists