require 'thor'
require 'thor/aws'

module Sgupdater
  class CLI < Thor
    include Thor::Aws

    class_option :verbose, type: :boolean, default: false, aliases: [:v]

    desc :show, "Show current permissions"
    method_option :from_cidr, type: :string, required: true
    method_option :to_cidr, type: :string, required: false
    method_option :show_account, type: :boolean, required: false, default: false
    def show
      client.get.each {|sg| show_security_groups(sg, options[:from_cidr], options[:to_cidr])}
    end

    desc :update, "Update cidr address"
    method_option :from_cidr, type: :string, required: true
    method_option :to_cidr, type: :string, required: true
    def update
      updated = client.update
      if updated
        puts "Update success"
      else
        puts "No change"
      end
    end

    private
    def client
      @client ||= Client.new options, aws_configuration
    end

    def cidr_in_ip_permission?(ip_permission, cidr)
      ip_permission.ip_ranges.select {|ip| ip.values.include? cidr}.size > 0
    end

    def cidr1_in_ip_permission_and_cidr2_not_in_ip_permission?(ip_permission, cidr1, cidr2)
       cidr1_find = cidr_in_ip_permission?(ip_permission, cidr1)
       cidr2_not_find = !cidr_in_ip_permission?(ip_permission, cidr2)
       cidr1_find && cidr2_not_find
    end

    def ip_ranges_to_ips(ip_ranges)
      ip_ranges.map {|ip_range| ip_range.values}.flatten
    end

    def show_security_groups(sg, from_cidr, to_cidr)
      sg.ip_permissions.each do |perm|
        found = false
        if to_cidr
          found = cidr1_in_ip_permission_and_cidr2_not_in_ip_permission?(perm, from_cidr, to_cidr)
        else
          found = cidr_in_ip_permission?(perm, from_cidr)
        end

        if found
          print "#{sg.owner_id}\t" if options[:show_account]
          puts [aws_configuration[:region], sg.vpc_id || '(classic)', sg.group_id, sg.group_name, perm.from_port, perm.to_port, ip_ranges_to_ips(perm.ip_ranges).join(",")].join("\t")
        end
      end
    end
  end
end