#!/usr/bin/python
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

DOCUMENTATION = '''
---
module: azure
short_description: create or terminate a virtual machine in azure
description:
     - Creates or terminates azure instances. When created optionally waits for it to be 'running'. This module has a dependency on python-azure >= 0.7.1
version_added: "1.7"
options:
  name:
    description:
      - name of the virtual machine and associated cloud service.
    required: true
    default: null
  location:
    description:
      - the azure location to use (e.g. 'East US')
    required: true
    default: null
  subscription_id:
    description:
      - azure subscription id. Overrides the AZURE_SUBSCRIPTION_ID environement variable.
    required: false
    default: null
  management_cert_path:
    description:
      - path to an azure management certificate associated with the subscription id. Overrides the AZURE_CERT_PATH environement variable.
    required: false
    default: null
  storage_account:
    description:
      - the azure storage account in which to store the data disks.
    required: true
  image:
    description:
      - system image for creating the virtual machine (e.g., b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu_DAILY_BUILD-precise-12_04_3-LTS-amd64-server-20131205-en-us-30GB)
    required: true
    default: null
  role_size:
    description:
      - azure role size for the new virtual machine (e.g., Small, ExtraLarge, A6)
    required: false
    default: Small
  endpoints:
    description:
      - a comma-separated list of TCP ports to expose on the virtual machine (e.g., "22,80")
    required: false
    default: 22
  user:
    description:
      - the unix username for the new virtual machine.
    required: false
    default: null
  password:
    description:
      - the unix password for the new virtual machine.
    required: false
    default: null
  ssh_cert_path:
    description:
      - path to an X509 certificate containing the public ssh key to install in the virtual machine. See http://www.windowsazure.com/en-us/manage/linux/tutorials/intro-to-linux/ for more details.
      - if this option is specified, password-based ssh authentication will be disabled.
    required: false
    default: null
  hostname:
    description:
      - hostname to write /etc/hostname. Defaults to <name>.cloudapp.net.
    required: false
    default: null
  wait:
    description:
      - wait for the instance to be in state 'running' before returning
    required: false
    default: "no"
    choices: [ "yes", "no" ]
    aliases: []
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
    default: 300
    aliases: []
  state:
    description:
      - create or terminate instances
    required: false
    default: 'present'
    aliases: []

requirements: [ "azure" ]
author: John Whitbeck
'''

EXAMPLES = '''
# Note: None of these examples set subscription_id or management_cert_path
# It is assumed that their matching environment variables are set.

# Provision virtual machine example
- local_action:
    module: azure
    name: my-virtual-machine
    role_size: Small
    image: b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu_DAILY_BUILD-precise-12_04_3-LTS-amd64-server-20131205-en-us-30GB
    location: 'East US'
    user: ubuntu
    ssh_cert_path: /path/to/azure_x509_cert.pem
    storage_account: my-storage-account
    wait: yes

# Terminate virtual machine example
- local_action:
    module: azure
    name: my-virtual-machine
    state: absent
'''

import base64
import datetime
import os
import sys
import time
from urlparse import urlparse

AZURE_LOCATIONS = ['East Asia',
                   'Southeast Asia',
                   'North Europe',
                   'West Europe',
                   'East US',
                   'West US']

AZURE_ROLE_SIZES = ['Small', 'Medium', 'Large', 'ExtraLarge', 'A5', 'A6', 'A7']

try:
    import azure
    from azure import WindowsAzureError, WindowsAzureMissingResourceError
    from azure.servicemanagement import (ServiceManagementService, OSVirtualHardDisk, SSH, PublicKeys,
                                         PublicKey, LinuxConfigurationSet, ConfigurationSetInputEndpoints,
                                         ConfigurationSetInputEndpoint)
except ImportError:
    print "failed=True msg='azure required for this module'"
    sys.exit(1)

def get_ssh_certificate_tokens(module, ssh_cert_path):
    """
    Returns the sha1 fingerprint and a base64-encoded PKCS12 version of the certificate.
    """
    # This returns a string such as SHA1 Fingerprint=88:60:0B:13:A9:14:47:DA:4E:19:10:7D:34:92:2B:DF:A1:7D:CA:FF
    rc, stdout, stderr = module.run_command(['openssl', 'x509', '-in', ssh_cert_path, '-fingerprint', '-noout'])
    if rc != 0:
        module.fail_json(msg="failed to generate the key fingerprint, error was: %s" % stderr)
    fingerprint = stdout.strip()[17:].replace(':','')

    rc, stdout, stderr = module.run_command(['openssl', 'pkcs12', '-export', '-in', ssh_cert_path, '-nokeys', '-password', 'pass:'])
    if rc != 0:
        module.fail_json(msg="failed to generate the pkcs12 signature from the certificate, error was: %s" % stderr)
    pkcs12_base64 = base64.b64encode(stdout.strip())

    return (fingerprint, pkcs12_base64)


def create_virtual_machine(module, azure):
    """
    Create new virtual machine

    module : AnsibleModule object
    azure: authenticated azure ServiceManagementService object

    Returns:
        True if a new virtual machine was created, false otherwise
    """


    name = module.params.get('name')
    hostname = module.params.get('hostname') or name + ".cloudapp.net"
    endpoints = module.params.get('endpoints').split(',')
    ssh_cert_path = module.params.get('ssh_cert_path')
    user = module.params.get('user')
    password = module.params.get('password')
    location = module.params.get('location')
    role_size = module.params.get('role_size')
    storage_account = module.params.get('storage_account')
    image = module.params.get('image')
    wait = module.params.get('wait')
    wait_timeout = int(module.params.get('wait_timeout'))

    # Check if a deployment with the same name already exists
    deployment = None
    try:
        deployment = azure.get_deployment_by_name(service_name=name, deployment_name=name)
    except WindowsAzureMissingResourceError as e:
        pass # no such deployment
    except WindowsAzureError as e:
        module.fail_json(msg="failed to create the new deployment, error was: %s" % str(e))

    if deployment:
        changed = False
    else:
        changed = True

        # Create cloud service if necessary
        try:
            existing_service_names = [service.service_name for service in azure.list_hosted_services()]
            if not name in existing_service_names:
                azure.create_hosted_service(service_name=name, label=name, location=location)
        except WindowsAzureError as e:
            module.fail_json(msg="failed to create the new service name, it already exists: %s" % str(e))

        # Create linux configuration
        disable_ssh_password_authentication = not password
        linux_config = LinuxConfigurationSet(hostname, user, password, disable_ssh_password_authentication)

        # Add ssh certificates if specified
        if ssh_cert_path:
            fingerprint, pkcs12_base64 = get_ssh_certificate_tokens(module, ssh_cert_path)
            # Add certificate to cloud service
            azure.add_service_certificate(name, pkcs12_base64, 'pfx', '')
            # Create ssh config
            ssh_config = SSH()
            ssh_config.public_keys = PublicKeys()
            authorized_keys_path = u'/home/%s/.ssh/authorized_keys' % user
            ssh_config.public_keys.public_keys.append(PublicKey(path=authorized_keys_path, fingerprint=fingerprint))
            # Append ssh config to linux machine config
            linux_config.ssh = ssh_config

        # Create network configuration
        network_config = ConfigurationSetInputEndpoints()
        network_config.configuration_set_type = 'NetworkConfiguration'
        network_config.subnet_names = []
        for port in endpoints:
            network_config.input_endpoints.append(ConfigurationSetInputEndpoint(name='TCP-%s' % port,
                                                                                protocol='TCP',
                                                                                port=port,
                                                                                local_port=port))

        # First determine where to store disk
        today = datetime.date.today().strftime('%Y-%m-%d')
        disk_prefix = u'%s-%s' % (name, name)
        media_link = u'http://%s.blob.core.windows.net/vhds/%s-%s.vhd' % (storage_account, disk_prefix, today)
        # Create system hard disk
        os_hd = OSVirtualHardDisk(image, media_link)

        # Spin up virtual machine
        try:
            azure.create_virtual_machine_deployment(service_name=name,
                                                    deployment_name=name,
                                                    deployment_slot='production',
                                                    label=name,
                                                    role_name=name,
                                                    system_config=linux_config,
                                                    network_config=network_config,
                                                    os_virtual_hard_disk=os_hd,
                                                    role_size=role_size)
        except WindowsAzureError as e:
            module.fail_json(msg="failed to create the new virtual machine, error was: %s" % str(e))

        # wait here until the deployment is up
        deployment = None
        wait_timeout = time.time() + wait_timeout
        while wait_timeout > time.time() and not deployment:
            try:
                deployment = azure.get_deployment_by_name(service_name=name, deployment_name=name)
            except WindowsAzureMissingResourceError as e:
                pass # deployment still not available
            except WindowsAzureError as e:
                # got a bad response from azure, wait a second and then try again
                time.sleep(1)
                continue
            if deployment:
                break
            else:
                time.sleep(5)

    return changed


def terminate_virtual_machine(module, azure):
    """
    Terminates a virtual machine

    module : AnsibleModule object
    azure: authenticated azure ServiceManagementService object

    Not yet supported: handle deletion of attached data disks.

    Returns:
        True if a new virtual machine was deleted, false otherwise
    """

    # Whether to wait for termination to complete before returning
    wait = module.params.get('wait')
    wait_timeout = int(module.params.get('wait_timeout'))
    name = module.params.get('name')
    delete_empty_services = module.params.get('delete_empty_services')

    changed = False

    deployment = None
    try:
        deployment = azure.get_deployment_by_name(service_name=name, deployment_name=name)
    except WindowsAzureMissingResourceError as e:
        pass # no such deployment
    except WindowsAzureError as e:
        module.fail_json(msg="failed to find the deployment, error was: %s" % str(e))

    # Delete deployment
    if deployment:
        changed = True
        try:
            # TODO: Also find a way to delete old hard drives
            azure.delete_deployment(service_name=name,deployment_name=name)
            wait_timeout = time.time() + wait_timeout
            while wait_timeout > time.time() and deployment:
                try:
                    deployment = azure.get_deployment_by_name(service_name=name, deployment_name=name)
                except WindowsAzureMissingResourceError as e:
                    break # successfully deleted
                except WindowsAzureError as e:
                    # Azure api error, wait a second and retry
                    time.sleep(1)
                    continue
                time.sleep(5)
            # Now that the vm is deleted, remove the cloud service
            azure.delete_hosted_service(service_name=name)
        except WindowsAzureError as e:
            module.fail_json(msg="failed to delete the service %s, error was: %s" % (name, str(e)))

    return changed

def get_azure_creds(module):
    # Check modul args for credentials, then check environment vars
    subscription_id = module.params.get('subscription_id')
    management_cert_path = module.params.get('management_cert_path')

    if not subscription_id:
        subscription_id = os.environ['AZURE_SUBSCRIPTION_ID']
        management_cert_path = os.environ['AZURE_CERT_PATH']

    return subscription_id, management_cert_path

def main():
    module = AnsibleModule(
        argument_spec = dict(
            ssh_cert_path = dict(),
            name = dict(),
            hostname = dict(),
            location = dict(choices=AZURE_LOCATIONS),
            role_size = dict(choices=AZURE_ROLE_SIZES),
            subscription_id = dict(no_log=True),
            storage_account = dict(),
            management_cert_path = dict(),
            endpoints = dict(default='22'),
            user = dict(),
            password = dict(),
            image = dict(),
            state = dict(default='present'),
            wait = dict(type='bool', default=False),
            wait_timeout = dict(default=300)
        )
    )

    # create azure ServiceManagementService object
    subscription_id, management_cert_path = get_azure_creds(module)
    azure = ServiceManagementService(subscription_id, management_cert_path)

    if module.params.get('state') == 'absent':
        changed = terminate_virtual_machine(module, azure)


    elif module.params.get('state') == 'present':
        # Changed is always set to true when provisioning new instances
        if not module.params.get('name'):
            module.fail_json(msg='name parameter is required for new instance')
        if not module.params.get('image'):
            module.fail_json(msg='image parameter is required for new instance')
        if not module.params.get('user'):
            module.fail_json(msg='user parameter is required for new instance')
        if not module.params.get('location'):
            module.fail_json(msg='location parameter is required for new instance')
        if not module.params.get('storage_account'):
            module.fail_json(msg='storage_account parameter is required for new instance')
        changed = create_virtual_machine(module, azure)


    module.exit_json(changed=changed)

# import module snippets
from ansible.module_utils.basic import *

main()
