#!/usr/bin/env python3
# -*- coding: utf-8; py-indent-offset: 4 -*-
#
# Author:  Linuxfabrik GmbH, Zurich, Switzerland
# Contact: info (at) linuxfabrik (dot) ch
#          https://www.linuxfabrik.ch/
# License: The Unlicense, see LICENSE file.

# https://github.com/Linuxfabrik/monitoring-plugins/blob/main/CONTRIBUTING.md

"""See the check's README for more details."""

import argparse
import sys

import lib.args
import lib.base
import lib.human
import lib.keycloak
from lib.globals import STATE_OK, STATE_UNKNOWN

__author__ = 'Linuxfabrik GmbH, Zurich/Switzerland'
__version__ = '2025100601'

DESCRIPTION = """Monitors Java heap and non-heap memory usage of a Keycloak server via its HTTP API.
Alerts when memory usage exceeds the configured thresholds. Tested with Keycloak 18
and later."""

DEFAULT_CLIENT_ID = 'admin-cli'
DEFAULT_CRIT = 90
DEFAULT_INSECURE = False
DEFAULT_NO_PROXY = False
# Keycloak's install-time default password, not a real secret.
DEFAULT_PASSWORD = 'admin'  # nosec B105
DEFAULT_REALM = 'master'
DEFAULT_TIMEOUT = 8
DEFAULT_URL = 'http://127.0.0.1:8080'
DEFAULT_USERNAME = 'admin'
DEFAULT_WARN = 80


def parse_args():
    """Parse command line arguments using argparse."""
    parser = argparse.ArgumentParser(description=DESCRIPTION)

    parser.add_argument(
        '-V',
        '--version',
        action='version',
        version=f'%(prog)s: v{__version__} by {__author__}',
    )

    parser.add_argument(
        '--always-ok',
        help=lib.args.help('--always-ok'),
        dest='ALWAYS_OK',
        action='store_true',
        default=False,
    )

    parser.add_argument(
        '--client-id',
        help='Keycloak API Client-ID. Default: %(default)s',
        dest='CLIENT_ID',
        default=DEFAULT_CLIENT_ID,
    )

    parser.add_argument(
        '--critical',
        help=lib.args.help('--critical') + ' Default: >= %(default)s',
        dest='CRIT',
        default=DEFAULT_CRIT,
    )

    parser.add_argument(
        '--insecure',
        help=lib.args.help('--insecure'),
        dest='INSECURE',
        action='store_true',
        default=DEFAULT_INSECURE,
    )

    parser.add_argument(
        '--no-proxy',
        help=lib.args.help('--no-proxy'),
        dest='NO_PROXY',
        action='store_true',
        default=DEFAULT_NO_PROXY,
    )

    parser.add_argument(
        '-p',
        '--password',
        help='Keycloak API password. Default: %(default)s',
        dest='PASSWORD',
        default=DEFAULT_PASSWORD,
    )

    parser.add_argument(
        '--realm',
        help='Keycloak API realm. Default: %(default)s',
        dest='REALM',
        default=DEFAULT_REALM,
    )

    parser.add_argument(
        '--timeout',
        help=lib.args.help('--timeout') + ' Default: %(default)s (seconds)',
        dest='TIMEOUT',
        type=int,
        default=DEFAULT_TIMEOUT,
    )

    parser.add_argument(
        '--url',
        help='Keycloak API URL. Default: %(default)s',
        dest='URL',
        default=DEFAULT_URL,
    )

    parser.add_argument(
        '--username',
        help='Keycloak API username. Default: %(default)s',
        dest='USERNAME',
        default=DEFAULT_USERNAME,
    )

    parser.add_argument(
        '--warning',
        help=lib.args.help('--warning') + ' Default: >= %(default)s',
        dest='WARN',
        default=DEFAULT_WARN,
    )

    args, _ = parser.parse_known_args()
    return args


def main():
    """The main function. This is where the magic happens."""

    # parse the command line
    try:
        args = parse_args()
    except SystemExit:
        sys.exit(STATE_UNKNOWN)

    # init some vars
    msg = ''
    state = STATE_OK
    perfdata = ''

    # fetch data
    # Discover the OIDC endpoints for the realm (no authentication needed),
    # obtain an admin access token and call the Admin REST API (fetch the realm's details).
    oidc_config = lib.base.coe(lib.keycloak.discover_oidc_endpoints(args))
    admin_token = lib.base.coe(lib.keycloak.obtain_admin_token(args, oidc_config))
    server_info = lib.base.coe(
        lib.keycloak.get_data(args, admin_token, '/admin/serverinfo')
    )

    # analyze data
    try:
        mem_used = server_info.get('memoryInfo').get('used')
        mem_total = server_info.get('memoryInfo').get('total')
        mem_free = server_info.get('memoryInfo').get('free')
        used_percent = 100 - server_info.get('memoryInfo').get('freePercentage')
    except (TypeError, AttributeError) as e:
        lib.base.cu(f'An error occurred during processing of data from Keycloak: {e}')

    # build the message
    state = lib.base.get_state(used_percent, args.WARN, args.CRIT, _operator='ge')
    msg += f'{used_percent}%{lib.base.state2str(state, prefix=" ")} - '
    msg += f'total: {lib.human.bytes2human(mem_total)}, '
    msg += f'used: {lib.human.bytes2human(mem_used)}, '
    msg += f'free: {lib.human.bytes2human(mem_free)}'

    perfdata += lib.base.get_perfdata(
        'usage_percent',
        used_percent,
        uom='%',
        warn=args.WARN,
        crit=args.CRIT,
        _min=0,
        _max=100,
    )
    perfdata += lib.base.get_perfdata(
        'total',
        mem_total,
        uom='B',
        warn=None,
        crit=None,
        _min=0,
        _max=mem_total,
    )
    perfdata += lib.base.get_perfdata(
        'used',
        mem_used,
        uom='B',
        warn=None,
        crit=None,
        _min=0,
        _max=mem_total,
    )
    perfdata += lib.base.get_perfdata(
        'free',
        mem_free,
        uom='B',
        warn=None,
        crit=None,
        _min=0,
        _max=mem_total,
    )

    # over and out
    lib.base.oao(msg, state, perfdata, always_ok=args.ALWAYS_OK)


if __name__ == '__main__':
    try:
        main()
    except Exception:
        lib.base.cu()
