#
# Copyright:: Copyright (c) 2017 GitLab Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require 'mixlib/config'
require 'chef/json_compat'
require 'chef/mixin/deep_merge'
require 'securerandom'
require 'uri'

require_relative 'config_mash.rb'
require_relative 'gitlab_cluster'

module SettingsDSL
  def self.extended(base)
    # Setup getter/setters for roles and settings
    class << base
      attr_accessor :available_roles, :settings
    end

    base.available_roles = {}
    base.settings = {}
  end

  # Change the default root location for node attributes
  # Pass in the root (ie 'gitlab') and a block containing the attributes that should
  # use that root.
  # ex:
  #   attribute_block('example') do
  #     attribute('some_attribute')
  #   end
  #   This will convert Gitlab['some_attribute'] to node['example']['some-attribute']
  def attribute_block(root = nil)
    return unless block_given?

    begin
      @_default_parent = root
      yield
    ensure
      @_default_parent = nil
    end
  end

  # Create a new role with the given 'name' config
  # config options are:
  #  manage_services - Boolean to indicate whether the role enables/disables services. Defaults to enabled.
  #                    If enabled, the default service role is disabled when using a different role that manages services
  # Roles are configured as Gitlab['<name>_role'] and are added to the node as node['roles']['<name>']
  # ex: some_specific_role['enable'] = true
  #     will result in Gitlab['some_specific_role']['enable'] = true
  #     and node['roles']['some-specific']['enable'] = true
  def role(name, **config)
    @available_roles[name] = HandledHash.new.merge!(
      { manage_services: true }
    ).merge(config)
    send("#{name}_role", Gitlab::ConfigMash.new)
    @available_roles[name]
  end

  # Create a new attribute with the given 'name' and config
  #
  # config options are:
  #  parent   - String name for the root node attribute, default can be specified using the attribute_block method
  #  priority - Integer used to sort the settings when applying them, defaults to 20, similar to sysvinit startups. Lower numbers are loaded first.
  #  ee       - Boolean to indicate that the variable should only be used in GitLab EE
  #  default  - Default value to set for the Gitlab Config. Defaults to Gitlab::ConfigMash.new, should be set to nil config expecting non hash values
  #
  # ex: attribute('some_attribute', parent: 'gitlab', sequence: 10, default: nil)
  #     will right away set Gitlab['some_attribute'] = nil
  #     and when the config is generated it will set node['gitlab']['some-attribute'] = nil
  def attribute(name, **config)
    @settings[name] = HandledHash.new.merge!(
      { parent: @_default_parent, priority: 20, ee: false, default: Gitlab::ConfigMash.new }
    ).merge(config)

    send(name.to_sym, @settings[name][:default])
    @settings[name]
  end

  # Same as 'attribute' but defaults 'enable' to false if the GitlabEE module is unavailable
  def ee_attribute(name, **config)
    config = { ee: true }.merge(config)
    attribute(name, **config)
  end

  def from_file(_file_path)
    # Throw errors for unrecognized top level calls (usually spelling mistakes)
    config_strict_mode true
    # Turn on node deprecation messages
    Gitlab::Deprecations::NodeAttribute.log_deprecations = true
    # Allow auto mash creation during from_file call
    Gitlab::ConfigMash.auto_vivify { super }
  ensure
    config_strict_mode false
    Gitlab::Deprecations::NodeAttribute.log_deprecations = false
  end

  # Enhance set so strict mode errors aren't thrown as long as the setting is witin our defined config
  def internal_set(symbol, value)
    if configuration.key?(symbol)
      configuration[symbol] = value
    else
      super
    end
  end

  # Enhance get so strict mode errors aren't thrown as long as the setting is witin our defined config
  def internal_get(symbol)
    if configuration.key?(symbol)
      configuration[symbol]
    else
      super
    end
  end

  def sanitized_config
    results = { "gitlab" => {}, "roles" => {}, "monitoring" => {} }

    # Add the settings to the results
    sorted_settings.each do |key, value|
      raise "Attribute parent value invalid for key: #{key} (#{value})" if value[:parent] && !results.key?(value[:parent])

      target = value[:parent] ? results[value[:parent]] : results

      target[Utils.node_attribute_key(key)] = Gitlab[key]
    end

    # Add the roles the the results
    @available_roles.each do |key, value|
      results['roles'][Utils.node_attribute_key(key)] = Gitlab["#{key}_role"]
    end

    results
  end

  def load_roles
    # System services are enabled by default
    Services.enable_group(Services::SYSTEM_GROUP)
    RolesHelper.parse_enabled

    # Roles defined in the cluster configuration file overrides roles from /etc/gitlab/gitlab.rb
    GitlabCluster.config.load_roles!

    # Load our roles
    DefaultRole.load_role
    @available_roles.each do |key, value|
      handler = value.handler
      handler.load_role if handler.respond_to?(:load_role)
    end
  end

  def generate_secrets(node_name, path = SecretsHelper::SECRETS_FILE)
    # Gitlab['node'][SecretsHelper::SKIP_GENERATE_SECRETS_CHEF_ATTR] is set to
    # true  if we are calling from the 'gitlab-ctrl generate-secrets' command
    # and we are running the 'config(-ee)' recipe in which case we will generate
    # secrets in the 'generate_secrets' recipe where it will then be set to
    # false.
    return if Gitlab['node'][SecretsHelper::SKIP_GENERATE_SECRETS_CHEF_ATTR] == true

    force_write_secrets = !Gitlab['node'][SecretsHelper::SECRETS_FILE_CHEF_ATTR].nil?

    # guards against creating secrets on non-bootstrap node
    SecretsHelper.read_gitlab_secrets(path)
    generate_default_secrets = Gitlab['package']['generate_default_secrets'] != false

    Chef::Log.info("Generating default secrets") if generate_default_secrets
    # Parse secrets using the handlers
    sorted_settings.each do |_key, value|
      handler = value.handler
      handler.parse_secrets if handler.respond_to?(:parse_secrets) && generate_default_secrets
      handler.validate_secrets if handler.respond_to?(:validate_secrets)
    end

    if Gitlab['package']['generate_secrets_json_file'] == false && !force_write_secrets
      return unless generate_default_secrets

      warning_message = <<~EOS
        You've enabled generating default secrets but have disabled writing them to #{path} file.
        This results in secrets not persisting across `gitlab-ctl reconfigure` runs and can cause issues with functionality.
      EOS

      LoggingHelper.warning(warning_message)
    else
      Chef::Log.info("Generating #{path} file")
      SecretsHelper.write_to_gitlab_secrets(path)
    end
  end

  def generate_config(node_name)
    generate_secrets(node_name)
    load_roles
    # Parse all our variables using the handlers
    sorted_settings.each do |_key, value|
      handler = value.handler
      handler.parse_variables if handler.respond_to?(:parse_variables)
    end

    strip_nils(sanitized_config)
  end

  def strip_nils(attributes)
    results = {}
    attributes.each_pair do |key, value|
      next if value.nil?

      recursive_classes = [Hash, Gitlab::ConfigMash, ChefUtils::Mash]
      results[key] = if recursive_classes.include?(value.class)
                       strip_nils(value)
                     else
                       value
                     end
    end
    results
  end

  # Merge provided role and value set if value is defined
  #
  # @param [String] role
  # @param [String] value
  def override_role!(role, value)
    return if value.nil?

    GitlabCluster.log_overriding_message(role, value) unless dig(role, 'enable').nil?

    Gitlab::ConfigMash.auto_vivify do
      self[role]['enable'] = value
    end
  end

  private

  # Sort settings by their sequence value
  def sorted_settings
    @settings.select { |_k, value| !value[:ee] || Gitlab['edition'] == :ee }.sort_by { |_k, value| value[:priority] }
  end

  # Custom Hash object used to add a handler as a block to the attribute
  class HandledHash < Hash
    attr_writer :handler

    def use(&block)
      @handler = block
      self
    end

    def handler
      @handler = @handler.call if @handler.respond_to?(:call)
      @handler
    end
  end

  class Utils
    class << self
      # In service names, words are seperated with a hyphen
      def service_name(service)
        service.tr('_', '-')
      end

      # Node attributes corresponding to a service are formatted by replacing
      # hyphens in the service names with underscores
      def node_attribute_key(service)
        service.tr('-', '_')
      end
    end
  end
end