#!/usr/bin/python

# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
#
# This module is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This software is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this software.  If not, see <http://www.gnu.org/licenses/>.

import json
import os
import pipes

DOCUMENTATION = '''
---
module: puppet
short_description: Runs puppet
description:
  - Runs I(puppet) agent in a reliable manner
version_added: "1.5.6"
options:
  timeout:
    description:
      - How long to wait for I(puppet) to finish.
    required: false
    default: 30m
  puppetmaster:
    description:
      - The hostname of the puppetmaster to contact.
    required: true
  show_diff:
    description:
      - Should puppet return diffs of changes applied. Defaults to off to avoid leaking secret changes by default.
    required: false
    default: no
    choices: [ "yes", "no" ]
  facts:
    description:
      - A dict of values to pass in as persistent external facter facts
    required: false
    default: None
  facter_basename:
    desciption:
      - Basename of the facter output file
    required: false
    default: ansible
  hiera:
    description:
      - A dict of values to write to a local hiera file
    required: false
    default: None
  hiera_datadir:
    description:
      - Hiera's data dir
    required: false
    default: /etc/puppet/hieradata
  hiera_basename:
    desciption:
      - Basename of the hiera output file
    required: false
    default: ansible
requirements: [ puppet ]
author: Monty Taylor
'''

EXAMPLES = '''
# Run puppet and fail if anything goes wrong
- puppet

# Run puppet and timeout in 5 minutes
- puppet: timeout=5m
'''


def _get_facter_dir():
    if os.getuid() == 0:
        return '/etc/facter/facts.d'
    else:
        return os.path.expanduser('~/.facter/facts.d')


def _write_structured_data(basedir, basename, data):
    if not os.path.exists(basedir):
        os.makedirs(basedir)
    file_path = os.path.join(basedir, "{0}.json".format(basename))
    with os.fdopen(
            os.open(file_path, os.O_CREAT | os.O_WRONLY, 0o600),
            'w') as out_file:
        out_file.write(json.dumps(data).encode('utf8'))


def main():
    module = AnsibleModule(
        argument_spec=dict(
            timeout=dict(default="30m"),
            puppetmaster=dict(required=True),
            show_diff=dict(
                default=False, aliases=['show-diff'], type='bool'),
            facts=dict(default=None),
            facter_basename=dict(default='ansible'),
            hiera=dict(default=None),
            hiera_datadir=dict(default='/etc/puppet/hieradata'),
            hiera_basename=dict(default='ansible'),
        ),
    )
    p = module.params

    global PUPPET_CMD
    PUPPET_CMD = module.get_bin_path("puppet", False)

    if not PUPPET_CMD:
        module.fail_json(
            msg="Could not find puppet. Please ensure it is installed.")

    # Check if puppet is disabled here
    rc, stdout, stderr = module.run_command(PUPPET_CMD + " agent "
                                            "--configprint "
                                            "agent_disabled_lockfile")
    if os.path.exists(stdout.strip()):
        module.fail_json(
            msg="Puppet agent is administratively disabled.", disabled=True)
    elif rc != 0:
        module.fail_json(
            msg="Puppet agent state could not be determined.")

    if module.params['hiera']:
        _write_structured_data(
            module.params['hiera_datadir'],
            module.params['hiera_basename'],
            module.params['hiera'])

    if module.params['facts']:
        _write_structured_data(
            _get_facter_dir(),
            module.params['facter_basename'],
            module.params['facts'])

    cmd = ("timeout -s 9 %(timeout)s %(puppet_cmd)s agent --onetime"
           " --server %(puppetmaster)s"
           " --ignorecache --no-daemonize --no-usecacheonfailure --no-splay"
           " --detailed-exitcodes --verbose") % dict(
               timeout=pipes.quote(p['timeout']), puppet_cmd=PUPPET_CMD,
               puppetmaster=pipes.quote(p['puppetmaster']))
    if p['show_diff']:
        cmd += " --show-diff"
    rc, stdout, stderr = module.run_command(cmd)

    if rc == 0:
        # success
        module.exit_json(rc=rc, changed=False, stdout=stdout)
    elif rc == 1:
        # rc==1 could be because it's disabled
        # rc==1 could also mean there was a compilation failure
        disabled = "administratively disabled" in stdout
        if disabled:
            msg = "puppet is disabled"
        else:
            msg = "puppet did not run"
        module.exit_json(
            rc=rc, disabled=disabled, msg=msg,
            error=True, stdout=stdout, stderr=stderr)
    elif rc == 2:
        # success with changes
        module.exit_json(rc=0, changed=True)
    elif rc == 124:
        # timeout
        module.exit_json(
            rc=rc, msg="%s timed out" % cmd, stdout=stdout, stderr=stderr)
    else:
        # failure
        module.fail_json(
            rc=rc, msg="%s failed with return code: %d" % (cmd, rc),
            stdout=stdout, stderr=stderr)

# import module snippets
from ansible.module_utils.basic import *

main()