# Copyright 2021-2025 Ping Identity Corporation. All Rights Reserved
#
# This code is to be used exclusively in connection with Ping Identity
# Corporation software or services. Ping Identity Corporation only offers
# such software or services to legal entities who have entered into a
# binding license agreement with Ping Identity Corporation.

# -*- coding: utf-8 -*-

# load tasks used by configuration file

# Python import
import inspect

# Framework imports
from pyrock.lib.scheduler.tasks.StepTask import StepTask
from pyrock.lib.scheduler.tasks.ScaleTask import ScaleTask
from pyrock.tasks.deployment.installation import DeployOverseerTask
from pyrock.tasks.scenario.ds_sdk import DSSearchRateTask, DSModRateTask, GenerateDSAddRateTemplateTask, ResetPolicies
from shared.lib.cloud_utils import kubectl
from shared.lib.utils.exception import FailException


class AllowAnonymousSearchTask(StepTask):
    """Step task that loosens access control on every pod of a DS component.

    On each pod of ``self.source`` it runs two ``dsconfig`` commands through
    ``kubectl exec``: one resets the global ``unauthenticated-requests-policy``
    property, the other replaces the ``global-aci`` values with three ACIs
    that grant ``ldap:///anyone`` access to selected extended operations and
    controls, plus read/search/compare on every attribute outside an
    exclusion list (``userPassword``, ``authPassword``, changelog attributes).

    Security-relevant effect: once the task has run, unauthenticated clients
    can read and search the directory. Nothing in this class restores the
    previous ACIs.
    """

    def connection_parameters(self, pod):
        """Return the dsconfig connection and bind options for ``pod`` as one string.

        The admin bind password is written inline after ``--bindPassword``, so
        it becomes part of the command string handed to ``kubectl``.
        NOTE(review): whether that helper logs the command, and whether the
        password shows up in the pod's process listing, is not visible here.
        Confirm, and prefer a password-file option if the tool offers one.
        No value is quoted: the options are only space-joined, which assumes
        the pod name and credentials hold no whitespace or shell
        metacharacters. TODO confirm against how ``kubectl`` splits the string.
        """
        options = (
            f"--hostname {pod.name}",
            f"--port {pod.component.admin_port}",
            f"--bindDN {pod.component.admin_user}",
            f"--bindPassword {pod.component.admin_password}",
            pod.component.default_props_line,
            "--no-prompt",
        )
        return " ".join(options)

    def pre(self):
        """Fail early unless the source component is a DS component."""
        if self.source.component_type != "ds":
            raise FailException("Source must be ds component")

    def step1(self):
        """Release unauthenticated access"""
        # First command: reset the global unauthenticated-requests-policy
        # property (the trailing space separates it from the options appended
        # per pod further down).
        policy_reset = "dsconfig set-global-configuration-prop --reset unauthenticated-requests-policy "

        # The three global ACIs that replace whatever was configured before.
        # Each one targets userdn="ldap:///anyone"; the last one excludes
        # password and changelog attributes through targetattr!=.
        aci_block = """
                global-aci:(extop="1.3.6.1.4.1.26027.1.6.1||1.3.6.1.4.1.26027.1.6.3||1.3.6.1.4.1.4203.1.11.1||1.3.6.1.4.1.1466.20037||1.3.6.1.4.1.4203.1.11.3")(version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";)
                global-aci:(targetcontrol="2.16.840.1.113730.3.4.2||2.16.840.1.113730.3.4.17||2.16.840.1.113730.3.4.19||1.3.6.1.4.1.4203.1.10.2||1.3.6.1.4.1.42.2.27.8.5.1||2.16.840.1.113730.3.4.16||1.2.840.113556.1.4.1413||1.3.6.1.4.1.36733.2.1.5.1")(version 3.0; acl "Anonymous control access"; allow(read) userdn="ldap:///anyone";)
                global-aci:(targetattr!="userPassword||authPassword||debugsearchindex||changes||changeNumber||changeType||changeTime||targetDN||newRDN||newSuperior||deleteOldRDN")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";)
            """

        # One --set option per ACI line. Embedded double quotes are
        # backslash-escaped because each value is itself wrapped in double
        # quotes on the command line.
        set_options = []
        for aci in inspect.cleandoc(aci_block).splitlines():
            escaped = aci.replace('"', '\\"')
            set_options.append(f'--set "{escaped}"')

        # Second command: --reset drops the existing global-aci values before
        # the --set options install the three above.
        aci_replace = "dsconfig set-access-control-handler-prop --reset global-aci "
        aci_replace += " ".join(set_options) + " "

        for pod in self.source.pods:
            for base_cmd in (policy_reset, aci_replace):
                full_cmd = base_cmd + self.connection_parameters(pod)
                # Exit codes 0 and 32 are both accepted.
                # NOTE(review): what 32 means for dsconfig is not shown here; confirm.
                kubectl(
                    f"exec {pod.name} -- {full_cmd}",
                    namespace=self.source.namespace,
                    expected_rc=[0, 32],
                    component=self.source,
                    context=self.source.context,
                )
