#!/usr/bin/env python3
# -*- coding: utf-8; py-indent-offset: 4 -*-
#
# Author:  Linuxfabrik GmbH, Zurich, Switzerland
# Contact: info (at) linuxfabrik (dot) ch
#          https://www.linuxfabrik.ch/
# License: The Unlicense, see LICENSE file.

# https://github.com/Linuxfabrik/monitoring-plugins/blob/main/CONTRIBUTING.md

"""See the check's README for more details.
"""

import argparse  # pylint: disable=C0413
import sys  # pylint: disable=C0413

import lib.args  # pylint: disable=C0413
import lib.base  # pylint: disable=C0413
import lib.shell  # pylint: disable=C0413
import lib.lftest  # pylint: disable=C0413
import lib.txt  # pylint: disable=C0413
from lib.globals import (STATE_CRIT, STATE_OK,  # pylint: disable=C0413
                          STATE_UNKNOWN, STATE_WARN)


__author__ = """Linuxfabrik GmbH, Zurich/Switzerland;
                originally written by Dominik Riva, Universitätsspital Basel/Switzerland"""
__version__ = '2025021501'

DESCRIPTION = """This monitoring plugin checks the current state of a Gemalto SafeNet
                 ProtectServer Network HSM via SSH and a PSESH command, and displays the
                 current state of the HSM adapter."""

DEFAULT_COMMAND = 'hsm state'
DEFAULT_CRIT = 90
DEFAULT_SEVERITY = 'crit'
DEFAULT_TIMEOUT = 3
DEFAULT_USERNAME = 'pseoperator'
DEFAULT_WARN = 80


def parse_args():
    """Parse command line arguments using argparse.
    """
    parser = argparse.ArgumentParser(description=DESCRIPTION)

    parser.add_argument(
        '-V', '--version',
        action='version',
        version='%(prog)s: v{} by {}'.format(__version__, __author__)
    )

    parser.add_argument(
        '--always-ok',
        help='Always returns OK.',
        dest='ALWAYS_OK',
        action='store_true',
        default=False,
    )

    parser.add_argument(
        '-c', '--critical',
        help='Set the CRIT threshold as a percentage. Default: >= %(default)s',
        dest='CRIT',
        type=int,
        default=DEFAULT_CRIT,
    )

    parser.add_argument(
        '-H', '--hostname',
        help='SafeNet HSM hostname',
        dest='HOSTNAME',
        required=True,
    )

    parser.add_argument(
        '-p', '--password',
        help='SafeNet HSM password',
        dest='PASSWORD',
        required=True,
    )

    parser.add_argument(
        '--severity',
        help='Severity for alerting. Default: %(default)s',
        dest='SEVERITY',
        default=DEFAULT_SEVERITY,
        choices=['warn', 'crit'],
    )

    parser.add_argument(
        '--test',
        help='For unit tests. Needs "path-to-stdout-file,path-to-stderr-file,expected-retc".',
        dest='TEST',
        type=lib.args.csv,
    )

    parser.add_argument(
        '--timeout',
        help='Network timeout in seconds. Default: %(default)s (seconds)',
        dest='TIMEOUT',
        type=int,
        default=DEFAULT_TIMEOUT,
    )

    parser.add_argument(
        '-u', '--username',
        help='SafeNet HSM Username, for example "admin" or "pseoperator". Default: %(default)s',
        dest='USERNAME',
        choices=['admin', 'pseoperator'],
        default=DEFAULT_USERNAME,
    )

    parser.add_argument(
        '-w', '--warning',
        help='Set the WARN threshold as a percentage. Default: >= %(default)s',
        dest='WARN',
        type=int,
        default=DEFAULT_WARN,
    )

    return parser.parse_args()


def main():
    """The main function. Hier spielt die Musik.
    """

    # parse the command line, exit with UNKNOWN if it fails
    try:
        args = parse_args()
    except SystemExit:
        sys.exit(STATE_UNKNOWN)

    # fetch data
    if args.TEST is None:
        # -o: Give options in the format used in the configuration file.
        # -T: Disable pseudo-terminal allocation.
        cmd = "sshpass -p {} ssh -o ConnectTimeout={} -T '{}'@'{}' '{}'".format(
            args.PASSWORD,
            args.TIMEOUT,
            args.USERNAME,
            args.HOSTNAME,
            'hsm state',
        )
        stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec(cmd))
        if lib.shell.RETC_SSHPASS.get(retc, ''):
            lib.base.cu('sshpass: {}'.format(lib.shell.RETC_SSHPASS[retc]))
        if stderr:
            lib.base.cu(stderr)
    else:
        # do not call the command, put in test data
        stdout, stderr, retc = lib.lftest.test(args.TEST)

    # init some vars
    msg = ''
    state = STATE_OK
    perfdata = ''

    # analyze data
    stdout = stdout.strip() # remove the empty line at the start of the output
    if 'HSM in NORMAL MODE' not in stdout \
    or 'Command Result : 0' not in stdout:
        state = lib.base.str2state(args.SEVERITY)
    value = lib.txt.extract_str(stdout, 'Level=', '%')
    if value:
        state = lib.base.get_worst(state, lib.base.get_state(value, args.WARN, args.CRIT))
        perfdata += lib.base.get_perfdata('usage_percent', value, '%', args.WARN, args.CRIT, 0, 100) # pylint: disable=C0301

    # build the message
    msg = '{}{}'.format(
        ' '.join(stdout.partition('\n')[0].split()), # get the first line, strip all whitespaces
        lib.base.state2str(state, prefix=' '),
    )

    # over and out
    lib.base.oao(msg, state, perfdata, always_ok=args.ALWAYS_OK)


if __name__ == '__main__':
    try:
        main()
    except Exception:   # pylint: disable=W0703
        lib.base.cu()
