# frozen_string_literal: true

require 'securerandom'

# This component sets up the docker-openldap (https://github.com/osixia/docker-openldap)
# image with the proper configuration for GitLab users to login.
#
# By default, the docker-openldap image configures the Docker image with a
# default admin user in the example.org domain. This user does not have a uid
# attribute that GitLab needs to authenticate, so we seed the LDAP server with
# a "tanuki" user via a LDIF file in the fixtures/ldap directory.
#
# The docker-openldap container has a startup script
# (https://github.com/osixia/docker-openldap/blob/v1.1.11/image/service/slapd/startup.sh#L74-L78)
# that looks for custom LDIF files in the BOOTSTRAP_LDIF directory. Note that the LDIF
# files must have a "changetype" option specified for the script to work.
module Gitlab
  module QA
    module Component
      class LDAP < Base
        DOCKER_IMAGE = 'osixia/openldap'
        DOCKER_IMAGE_TAG = 'latest'
        LDAP_USER = 'tanuki'
        LDAP_PASSWORD = 'password'
        BOOTSTRAP_LDIF = '/container/service/slapd/assets/config/bootstrap/ldif/custom'
        FIXTURE_PATH = File.expand_path('../../../../fixtures/ldap', __dir__)

        # LDAP_TLS is true by default
        def tls=(status)
          if status
            @environment['LDAP_TLS_CRT_FILENAME'] = "#{hostname}.crt"
            @environment['LDAP_TLS_KEY_FILENAME'] = "#{hostname}.key"
            @environment['LDAP_TLS_ENFORCE'] = 'true'
            @environment['LDAP_TLS_VERIFY_CLIENT'] = 'never'
          else
            @environment['LDAP_TLS'] = 'false'
          end
        end

        def username
          LDAP_USER
        end

        def password
          LDAP_PASSWORD
        end

        def name
          @name ||= "openldap-#{SecureRandom.hex(4)}"
        end

        def instance
          raise 'Please provide a block!' unless block_given?

          super
        end

        def prepare
          copy_fixtures
          @volumes["#{working_dir_tmp_fixture_path}/ldap"] = BOOTSTRAP_LDIF

          super
        end

        def teardown!
          FileUtils.rm_rf(working_dir_tmp_fixture_path)

          super
        end

        # rubocop:disable Metrics/AbcSize
        def start
          # copy-service needed for bootstraping LDAP user:
          # https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
          docker.run(image: image, tag: tag, args: ['--copy-service']) do |command|
            command << '-d '
            command << "--name #{name}"
            command << "--net #{network}"
            command << "--hostname #{hostname}"

            @volumes.to_h.each do |to, from|
              command.volume(to, from, 'Z')
            end

            @environment.to_h.each do |key, value|
              command.env(key, value)
            end

            @network_aliases.to_a.each do |network_alias|
              command << "--network-alias #{network_alias}"
            end
          end
        end
        # rubocop:enable Metrics/AbcSize

        def set_gitlab_credentials
          ::Gitlab::QA::Runtime::Env.ldap_username = username
          ::Gitlab::QA::Runtime::Env.ldap_password = password
        end

        private

        # Temporary fixture dir in working directory
        #
        # @return [String]
        def working_dir_tmp_fixture_path
          @local_fixture_path ||= Dir.mktmpdir('ldap', FileUtils.mkdir_p("#{Dir.pwd}/tmp"))
        end

        # Copy fixtures to current working directory
        # This is needed for docker-in-docker ci environments where mount points outside of build dir are not accessible
        #
        # @return [void]
        def copy_fixtures
          FileUtils.cp_r(FIXTURE_PATH, working_dir_tmp_fixture_path)
        end
      end
    end
  end
end