#!/usr/bin/env python3
# -*- coding: utf-8; py-indent-offset: 4 -*-
#
# Author:  Linuxfabrik GmbH, Zurich, Switzerland
# Contact: info (at) linuxfabrik (dot) ch
#          https://www.linuxfabrik.ch/
# License: The Unlicense, see LICENSE file.

# https://github.com/Linuxfabrik/monitoring-plugins/blob/main/CONTRIBUTING.md

"""See the check's README for more details."""

import argparse
import sys
import urllib.parse

import lib.args
import lib.base
import lib.db_sqlite
import lib.url
from lib.globals import STATE_CRIT, STATE_OK, STATE_UNKNOWN, STATE_WARN

__author__ = 'Linuxfabrik GmbH, Zurich/Switzerland'
__version__ = '2026040801'

DESCRIPTION = """Monitors CPU utilization on FortiGate appliances running FortiOS via the REST API.
Alerts only if the threshold has been exceeded for a configurable number of
consecutive check runs (default: 5), suppressing short spikes. First checks against
the globally configured cpu-use-threshold on the appliance, then falls back to
command-line thresholds."""

DEFAULT_WARN = 80  # %
DEFAULT_CRIT = 90  # %
DEFAULT_COUNT = (
    5  # measurements; if check runs once per minute, this is a 5 minute interval
)
DEFAULT_INSECURE = False
DEFAULT_NO_PROXY = False
DEFAULT_TIMEOUT = 3


def parse_args():
    """Parse command line arguments using argparse."""
    parser = argparse.ArgumentParser(description=DESCRIPTION)

    parser.add_argument(
        '-V',
        '--version',
        action='version',
        version=f'%(prog)s: v{__version__} by {__author__}',
    )

    parser.add_argument(
        '--always-ok',
        help=lib.args.help('--always-ok'),
        dest='ALWAYS_OK',
        action='store_true',
        default=False,
    )

    parser.add_argument(
        '--count',
        help=lib.args.help('--count') + ' Default: %(default)s',
        dest='COUNT',
        type=int,
        default=DEFAULT_COUNT,
    )

    parser.add_argument(
        '-c',
        '--critical',
        help='CRIT threshold for CPU usage in percent. '
        'The plugin first checks against the globally configured `cpu-use-threshold` on the '
        'appliance; this value is only used if no global threshold exists. '
        'Default: %(default)s',
        dest='CRIT',
        type=int,
        default=DEFAULT_CRIT,
    )

    parser.add_argument(
        '-H',
        '--hostname',
        help='FortiOS-based appliance address, optionally including port. '
        'Example: `--hostname 192.168.1.1:443`.',
        dest='HOSTNAME',
        required=True,
    )

    parser.add_argument(
        '--insecure',
        help=lib.args.help('--insecure'),
        dest='INSECURE',
        action='store_true',
        default=DEFAULT_INSECURE,
    )

    parser.add_argument(
        '--no-proxy',
        help=lib.args.help('--no-proxy'),
        dest='NO_PROXY',
        action='store_true',
        default=DEFAULT_NO_PROXY,
    )

    parser.add_argument(
        '--password',
        help='FortiOS REST API single-use access token.',
        dest='PASSWORD',
        required=True,
    )

    parser.add_argument(
        '--timeout',
        help=lib.args.help('--timeout') + ' Default: %(default)s (seconds)',
        dest='TIMEOUT',
        type=int,
        default=DEFAULT_TIMEOUT,
    )

    parser.add_argument(
        '-w',
        '--warning',
        help='WARN threshold for CPU usage in percent. '
        'The plugin first checks against the globally configured `cpu-use-threshold` on the '
        'appliance; this value is only used if no global threshold exists. '
        'Default: %(default)s',
        dest='WARN',
        type=int,
        default=DEFAULT_WARN,
    )

    args, _ = parser.parse_known_args()
    return args


def get_from_db(conn, threshold):
    result = lib.base.coe(
        lib.db_sqlite.select(
            conn,
            """
        SELECT count(*) as cnt
        FROM perfdata
        WHERE cpu_usage > :cpu_usage
        """,
            {'cpu_usage': threshold},
            fetchone=True,
        )
    )
    return int(result['cnt'])


def main():
    """The main function. This is where the magic happens."""

    # parse the command line
    try:
        args = parse_args()
    except SystemExit:
        sys.exit(STATE_UNKNOWN)

    # fetch data
    # Resource to get usage data for [cpu|memory|disk|sessions|lograte].
    url = f'https://{args.HOSTNAME}/api/v2/monitor/system/resource/usage?resource=cpu&interval=1-min&access_token={urllib.parse.quote(args.PASSWORD)}'
    result = lib.base.coe(
        lib.url.fetch_json(
            url, insecure=args.INSECURE, no_proxy=args.NO_PROXY, timeout=args.TIMEOUT
        )
    )

    stats = {}
    stats['cpu_usage'] = result['results']['cpu'][0]['current']

    # create the db table
    definition = """
                cpu_usage REAL NOT NULL
        """
    conn = lib.base.coe(
        lib.db_sqlite.connect(
            filename='linuxfabrik-monitoring-plugins-fortios-cpu-usage.db'
        )
    )
    lib.base.coe(lib.db_sqlite.create_table(conn, definition))

    # save trend data to local sqlite database, limited to "count" rows max.
    lib.base.coe(lib.db_sqlite.insert(conn, stats))
    lib.base.coe(lib.db_sqlite.cut(conn, _max=args.COUNT))
    lib.base.coe(lib.db_sqlite.commit(conn))

    # try to get the global configured cpu warning threshold from Forti OS
    # if success, use it, otherwise our from args.WARN etc.
    url = f'https://{args.HOSTNAME}/api/v2/cmdb/system/global?access_token={urllib.parse.quote(args.PASSWORD)}'
    thresholds = lib.base.coe(
        lib.url.fetch_json(
            url, insecure=args.INSECURE, no_proxy=args.NO_PROXY, timeout=args.TIMEOUT
        )
    )
    warn = thresholds['results'].get('cpu-use-threshold', args.WARN)

    # now, calculate the WARN or CRIT.
    # overall state is not ok, if ...
    #   in a row in any column there is a value above the threshold
    #   and this is true for every row
    state = STATE_OK
    if get_from_db(conn, args.CRIT) == args.COUNT:
        state = STATE_CRIT
    elif get_from_db(conn, warn) == args.COUNT:
        state = STATE_WARN
    lib.db_sqlite.close(conn)

    # build the message
    msg = f'{stats["cpu_usage"]}%'
    perfdata = lib.base.get_perfdata(
        'cpu-usage',
        stats['cpu_usage'],
        uom='%',
        warn=warn,
        crit=args.CRIT,
        _min=0,
        _max=100,
    )

    # over and out
    lib.base.oao(msg, state, perfdata, always_ok=args.ALWAYS_OK)


if __name__ == '__main__':
    try:
        main()
    except Exception:
        lib.base.cu()
