#--
# Copyright (c) 2010-2012 RightScale Inc
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#++

#
# You must have Beta v1.5 API access to use these internal API calls.
#
class McSecurityGroup
  include RightScale::Api::Gateway
  extend RightScale::Api::GatewayExtend

  deny_methods :update

  def resource_plural_name
    "security_groups"
  end

  def resource_singular_name
    "security_group"
  end

  def self.resource_plural_name
    "security_groups"
  end

  def self.resource_singular_name
    "security_group"
  end

  def self.parse_args(cloud_id)
    "clouds/#{cloud_id}/"
  end

  def self.filters
    [:name, :resource_uid]
  end

  # NOTE: Create & Destroy require "security_manager" permissions
  def self.create(cloud_id, opts={})
    url = "#{parse_args(cloud_id)}#{self.resource_plural_name}"
    location = connection.post(url, self.resource_singular_name.to_sym => opts)
    newrecord = self.new('links' => [ {'rel' => 'self', 'href' => location } ])

    rules = opts[:rules] || opts["rules"]
    [rules].flatten.each { |rule_hash| newrecord.add_rule(rule_hash) } if rules

    newrecord.reload
    newrecord
  end

  def rules
    self.load(SecurityGroupRule)
  end

  def add_rule(opts={})
    opts.each { |k,v| opts["#{k}".to_sym] = v }
    fields = [
      {"1.0" => :owner,     "1.5" => :group_owner},         # optional
      {"1.0" => :group,     "1.5" => :group_name},          # optional
      {"1.0" => :cidr_ip,   "1.5" => :cidr_ips},            # optional
      {"1.0" => :protocol,  "1.5" => :protocol},            # "tcp" || "udp" || "icmp"
      {"1.0" => :from_port, "1.5" => :start_port},          # optional
      {"1.0" => :to_port,   "1.5" => :end_port},            # optional
      {                     "1.5" => :source_type},         # "cidr_ips" || "group"
      {                     "1.5" => :icmp_code},           # optional
      {                     "1.5" => :icmp_type},           # optional
      {                     "1.5" => :security_group_href}, # optional
    ]
    unless opts[:protocol]
      raise ArgumentError.new("add_rule requires the 'protocol' option")
    end
    params = {
      :source_type => ((opts[:cidr_ip] || opts[:cidr_ips]) ? "cidr_ips" : "group"),
      :security_group_href => self.href,
      :protocol_details => {}
    }

    fields.each { |ver|
      next unless val = opts[ver["1.0"]] || opts[ver["1.5"]]
      if ver["1.5"].to_s =~ /port|icmp/
        params[:protocol_details][ver["1.5"]] = val
      else
        params[ver["1.5"]] = val
      end
    }

    SecurityGroupRule.create(params)
  end

  def remove_rules_by_filters(filters={})
    rules_to_delete = rules
    filters.each do |filter,regex|
      @rules.reject! { |rule| rule[filter] =~ Regexp.new(regex) }
    end
    @rules.each { |rule| rule.destroy }
  end
end