#!/usr/bin/python
# -*- coding: utf-8 -*-

# Authors:
#   Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2018  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

ANSIBLE_METADATA = {
    'metadata_version': '1.0',
    'supported_by': 'community',
    'status': ['preview'],
}

DOCUMENTATION = '''
---
module: ipaclient_setup_krb5
short description: Setup krb5 for IPA client
description:
  Setup krb5 for IPA client
options:
  server:
  domain:
  realm:
  hostname:
    description: The hostname of the machine to join (FQDN).
    required: true
author:
    - Thomas Woerner
'''

EXAMPLES = '''
# Backup and set hostname
- name: Backup and set hostname
  ipaclient_setup_krb5:
    server:
    domain:
    realm:
    hostname: client1.example.com
'''

RETURN = '''
'''

import os

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *

def main():
    module = AnsibleModule(
        argument_spec = dict(
            domain=dict(required=False, default=None),
            servers=dict(required=False, type='list', default=None),
            realm=dict(required=False, default=None),
            hostname=dict(required=False, default=None),
            kdc=dict(required=False, default=None),
            dnsok=dict(required=False, type='bool', default=False),
            client_domain=dict(required=False, default=None),
            sssd=dict(required=False, type='bool', default=False),
            force=dict(required=False, type='bool', default=False),
            #on_master=dict(required=False, type='bool', default=False),
        ),
        supports_check_mode = True,
    )

    module._ansible_debug = True
    servers = module.params.get('servers')
    domain = module.params.get('domain')
    realm = module.params.get('realm')
    hostname = module.params.get('hostname')
    kdc = module.params.get('kdc')
    dnsok = module.params.get('dnsok')
    client_domain = module.params.get('client_domain')
    sssd = module.params.get('sssd')
    force = module.params.get('force')
    #on_master = module.params.get('on_master')

    fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)

    #if options.on_master:
    #    # If on master assume kerberos is already configured properly.
    #    # Get the host TGT.
    #    try:
    #        kinit_keytab(host_principal, paths.KRB5_KEYTAB, CCACHE_FILE,
    #                     attempts=options.kinit_attempts)
    #        os.environ['KRB5CCNAME'] = CCACHE_FILE
    #    except gssapi.exceptions.GSSError as e:
    #        logger.error("Failed to obtain host TGT: %s", e)
    #        raise ScriptError(rval=CLIENT_INSTALL_ERROR)
    #else:

    # Configure krb5.conf
    fstore.backup_file(paths.KRB5_CONF)
    configure_krb5_conf(
        cli_realm=realm,
        cli_domain=domain,
        cli_server=servers,
        cli_kdc=kdc,
        dnsok=dnsok,
        filename=paths.KRB5_CONF,
        client_domain=client_domain,
        client_hostname=hostname,
        configure_sssd=sssd,
        force=force)

    logger.info(
        "Configured /etc/krb5.conf for IPA realm %s", realm)

    module.exit_json(changed=True)

if __name__ == '__main__':
    main()