#!/usr/bin/python

# Copyright (c) 2009, Purdue University
# All rights reserved.
# 
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice, this
# list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# 
# Neither the name of the Purdue University nor the names of its contributors
# may be used to endorse or promote products derived from this software without
# specific prior written permission.
# 
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

"""Remove acls for Roster"""


__copyright__ = 'Copyright (C) 2009, Purdue University'
__license__ = 'BSD'
__version__ = '0.12'


import os
import sys
import getpass

from optparse import OptionParser

from roster_user_tools import cli_common_lib
from roster_user_tools import roster_client_lib


def main(args):
  """Collects command line arguments.

  Inputs:
    args: list of arguments from the command line
  """
  parser = OptionParser(version='%%prog (Roster %s)' % __version__)

  parser.add_option('-a', '--acl', action='store', dest='acl',
                    help='ACL name', default=None)
  parser.add_option('--cidr-block', action='store', dest='cidr_block',
                    help='Cidr block or single IP address. Used for making'
                         ' ACLs.', default=None)
  parser.add_option('--allow', action='store_true', dest='allow',
                    help='Allow access for specified ACL.', default=None)
  parser.add_option('--deny', action='store_true', dest='deny',
                    help='Deny access for specified ACL.', default=None)
  parser.add_option('-s', '--server', action='store', dest='server',
                    help='XML RPC Server URL.', metavar='<server>',
                    default=None)
  parser.add_option('--config-file', action='store', dest='config_file',
                    help='Config file location.', metavar='<file>',
                    default=None)
  parser.add_option('-u', '--username', action='store', dest='username',
                    help='Run as a different username.', metavar='<username>',
                    default=unicode(getpass.getuser()))
  parser.add_option('-p', '--password', action='store', dest='password',
                    help='Password string, NOTE: It is insecure to use this '
                         'flag on the command line.', metavar='<password>',
                    default=None)
  parser.add_option('-c', '--cred-file', action='store', dest='credfile',
                    help='Location of credential file.', metavar='<cred-file>',
                    default=None)
  parser.add_option('--cred-string', action='store', dest='credstring',
                    help='String of credential.', metavar='<cred-string>',
                    default=None)
  parser.add_option('-q', '--quiet', action='store_true', dest='quiet',
                    help='Suppress program output.', default=False)
  parser.add_option('--force', action='store_true', dest='force',
                    help='Force deletion of entire ACL.', default=False)

  (globals()["options"], args) = parser.parse_args(args)

  try:
    cli_common_lib_instance = cli_common_lib.CliCommonLib(options)
  except cli_common_lib.ArgumentError, e:
    print 'ERROR: %s' % e
    sys.exit(1)

  if( not options.acl and len(parser.largs) == 1 ):
    options.acl = parser.largs[0]
  elif( not options.acl ):
    cli_common_lib_instance.DnsError('An acl must be specified.', 1)

  if( options.acl and not options.allow and not options.deny
      and not options.cidr_block ):
    if( options.force ):
      roster_client_lib.RunFunction(
          u'RemoveACL', options.username, credfile=options.credfile,
          credstring=options.credstring, server_name=options.server,
          args=[options.acl])
      if( not options.quiet ):
        print 'REMOVED ACL: acl: %s' % options.acl
    else:
      cli_common_lib_instance.DnsError(
          'Must use --force to delete entire ACL.', 1)

  else:
    if( options.allow and options.deny ):
      cli_common_lib_instance.DnsError(
          '--allow and --deny cannot be used simultaneously.', 1)
    if( not options.cidr_block ):
      cli_common_lib_instance.DnsError(
          'A CIDR block must be specified with --cidr-block.', 1)
    allowed = None
    if( options.allow ):
      allowed = 1 
    elif( options.deny ):
      allowed = 0 
    roster_client_lib.RunFunction(
        u'RemoveCIDRBlockFromACL', options.username, credfile=options.credfile,
        credstring=options.credstring, server_name=options.server,
        args=[options.acl, options.cidr_block, allowed])
    if( not options.quiet ):
      print 'REMOVED ACL: acl: %s cidr_block: %s allowed: %s' % (
          options.acl, options.cidr_block, allowed)


if __name__ == "__main__":
  main(sys.argv[1:])
