#!/usr/bin/env python3
# -*- coding: utf-8; py-indent-offset: 4 -*-
#
# Author:  Linuxfabrik GmbH, Zurich, Switzerland
# Contact: info (at) linuxfabrik (dot) ch
#          https://www.linuxfabrik.ch/
# License: The Unlicense, see LICENSE file.

# https://github.com/Linuxfabrik/monitoring-plugins/blob/main/CONTRIBUTING.md

"""See the check's README for more details.
"""

import argparse  # pylint: disable=C0413
import sys  # pylint: disable=C0413

import lib.base  # pylint: disable=C0413
import lib.human  # pylint: disable=C0413
import lib.keycloak  # pylint: disable=C0413
from lib.globals import (STATE_OK, STATE_UNKNOWN)  # pylint: disable=C0413

__author__ = 'Linuxfabrik GmbH, Zurich/Switzerland'
__version__ = '2025011201'

DESCRIPTION = '''Returns some useful information about a Keycloak server using its
                 HTTP-based API. Tested with Keycloak 18+.'''

DEFAULT_CLIENT_ID = 'admin-cli'
DEFAULT_INSECURE = False
DEFAULT_NO_PROXY = False
DEFAULT_PASSWORD = 'admin'
DEFAULT_REALM = 'master'
DEFAULT_TIMEOUT = 8
DEFAULT_URL = 'http://127.0.0.1:8080'
DEFAULT_USERNAME = 'admin'


def parse_args():
    """Parse command line arguments using argparse.
    """
    parser = argparse.ArgumentParser(description=DESCRIPTION)

    parser.add_argument(
        '-V', '--version',
        action='version',
        version=f'%(prog)s: v{__version__} by {__author__}'
    )

    parser.add_argument(
        '--client-id',
        help='Keycloak API Client-ID. '
             'Default: %(default)s',
        dest='CLIENT_ID',
        default=DEFAULT_CLIENT_ID,
    )

    parser.add_argument(
        '--insecure',
        help='This option explicitly allows to perform "insecure" SSL connections. '
             'Default: %(default)s',
        dest='INSECURE',
        action='store_true',
        default=DEFAULT_INSECURE,
    )

    parser.add_argument(
        '--no-proxy',
        help='Do not use a proxy. '
             'Default: %(default)s',
        dest='NO_PROXY',
        action='store_true',
        default=DEFAULT_NO_PROXY,
    )

    parser.add_argument(
        '-p', '--password',
        help='Keycloak API password. '
             'Default: %(default)s',
        dest='PASSWORD',
        default=DEFAULT_PASSWORD,
    )

    parser.add_argument(
        '--realm',
        help='Keycloak API Realm. '
             'Default: %(default)s',
        dest='REALM',
        default=DEFAULT_REALM,
    )

    parser.add_argument(
        '--timeout',
        help='Network timeout in seconds. '
             'Default: %(default)s (seconds)',
        dest='TIMEOUT',
        type=int,
        default=DEFAULT_TIMEOUT,
    )

    parser.add_argument(
        '--url',
        help='Keycloak API URL. '
             'Default: %(default)s',
        dest='URL',
        default=DEFAULT_URL,
    )

    parser.add_argument(
        '--username',
        help='Keycloak API username. '
             'Default: %(default)s',
        dest='USERNAME',
        default=DEFAULT_USERNAME,
    )

    return parser.parse_args()


def main():
    """The main function. Hier spielt die Musik.
    """

    # parse the command line, exit with UNKNOWN if it fails
    try:
        args = parse_args()
    except SystemExit:
        sys.exit(STATE_UNKNOWN)

    # init some vars
    msg = ''
    state = STATE_OK
    perfdata = ''

    # fetch data
    # Discover the OIDC endpoints for the realm (no authentication needed),
    # obtain an admin access token and call the Admin REST API (fetch the realm's details).
    oidc_config = lib.base.coe(lib.keycloak.discover_oidc_endpoints(args))
    admin_token = lib.base.coe(lib.keycloak.obtain_admin_token(args, oidc_config))
    server_info = lib.base.coe(lib.keycloak.get_data(args, admin_token, '/admin/serverinfo'))

    # build the message
    uptime = server_info.get('systemInfo').get('uptimeMillis') / 1000
    msg += f'Up {lib.human.seconds2human(uptime)}, '
    msg += f'running under user `{server_info.get("systemInfo").get("userName")}`; '

    msg += f'Java v{server_info.get("systemInfo").get("javaVersion")}, '
    msg += f'{server_info.get("systemInfo").get("javaVm")}, '
    msg += f'{server_info.get("systemInfo").get("javaHome")}\n'

    if server_info.get('features'):
        # available in newer keycloak versions
        enabled_features, disabled_features = [], []
        for feature in server_info.get('features', []):
            if feature.get('enabled'):
                enabled_features.append(
                    f'{feature.get("name")} ({feature.get("type").lower()})'
                )
            else:
                disabled_features.append(
                    f'{feature.get("name")} ({feature.get("type").lower()})'
                )
        enabled_features.sort()
        enabled_features = '\n* '.join(enabled_features)
        msg += '\nEnabled Features: '
        msg += f'\n* {enabled_features}\n' if enabled_features else 'None\n'
    else:
        disabled_features = server_info.get('profileInfo').get('disabledFeatures')
    disabled_features.sort()
    disabled_features = '\n* '.join(disabled_features) + '\n'
    msg += '\nDisabled Features: '
    msg += f'\n* {disabled_features}\n' if disabled_features else 'None\n'

    perfdata += lib.base.get_perfdata(
        'uptime',
        uptime,
        uom='s',
        warn=None,
        crit=None,
        _min=0,
        _max=None,
    )

    # over and out
    lib.base.oao(msg, state, perfdata)


if __name__ == '__main__':
    try:
        main()
    except Exception:   # pylint: disable=W0703
        lib.base.cu()
