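#!/usr/bin/ruby
# frozen_string_literal: true
#
# RubyQA checks for the POS hosts: gathers inventory facts, dumps the FORWARD
# firewall chain, and verifies hostname configuration, the OpenVPN management
# key pair and the presence of netcat.
#
# Every check runs its commands on the remote host through host.exec (rubyqa).
# Commands wrapped in `sudo lxc-attach -n ${HOSTNAME/red?/aci0} -- ...` run
# inside a container whose name is derived from the host's own HOSTNAME by a
# bash pattern substitution ("red" + one character -> "aci0" / "prx0"), so the
# remote login shell is assumed to be bash — TODO confirm against the hosts.
require 'rubyqa'
require 'erb'
require 'time' # Time.parse is defined here, not in core Ruby
include RubyQA

# Report template for "Get Information". rubyqa renders it with @tests
# (hostname => data) bound; trim_mode '-' is required for the `-%>` tags.
info_template = ERB.new(<<EOF, trim_mode: '-')
==============================================
<% @tests.each do |hostname,data| -%>
<%= hostname %>
----------------------------------------------
Serials: <%= data[:context][:serial] %>
System Date: <%= data[:context][:date] %>
HWCLOCK: <%= data[:context][:hwclock] %>
Timezone: <%= data[:context][:timezone] %>
eSocket Status: <%= data[:context][:esocket_status] %>
eSocket Patch: <%= data[:context][:esocket_patch] %>
keystore md5s:
<% data[:context][:keystore_md5s].each do |line| -%>
 - <%= line %>
<% end -%>
<% end -%>
EOF

# Collects per-host facts into `context` for the report above. The block's
# value is the last assignment (an Array, always truthy), so this entry
# reports rather than passes/fails.
Manager.new_test("Get Information", template: info_template) { |host, context|
  # facter prints `serialnumber => "X",`; after cut/tr only the quoted value
  # is left, which is re-quoted and comma-joined for the report.
  serial_matcher = /\"(\S+)\"/
  serials = host.exec("sudo facter 2>/dev/null | grep serial | cut -d '>' -f 2 | tr -d ','")
  context[:serial] = serials.scan(serial_matcher).map { |(serial)| "\"#{serial}\"" }.join(',')

  # System clock and hardware clock, parsed so the report shows a normalised
  # Time and the two can be compared by eye.
  context[:date] = Time.parse(host.exec('date').strip)
  context[:hwclock] = Time.parse(host.exec('sudo hwclock').strip)

  # /etc/localtime is a symlink into a zoneinfo tree; keep only the zone name.
  context[:timezone] = host.exec('readlink -f /etc/localtime').strip
                           .gsub(%r{(/usr/share|/etc)/zoneinfo/}, '')

  # `systemctl is-active` prints the unit state (e.g. active/inactive/failed).
  context[:esocket_status] = host.exec('sudo lxc-attach -n ${HOSTNAME/red?/aci0} -- systemctl is-active esocket').strip

  # Last directory entry whose name contains "patch"; nil when there is none.
  context[:esocket_patch] = host.exec('sudo lxc-attach -n ${HOSTNAME/red?/aci0} -- ls -1 /home/esocket/eSocket.POS')
                                .split(/\n/).grep(/patch/).last

  # NOTE(security): MD5 is collision-broken. These sums are only meaningful
  # for drift detection against a recorded baseline, not as proof that the
  # keystore is the approved one; switch to sha256sum if this report is used
  # as an integrity check.
  context[:keystore_md5s] = host.exec('sudo lxc-attach -n ${HOSTNAME/red?/aci0} -- md5sum /home/esocket/eSocket.POS/keystore/*')
                                .split(/\n/).map(&:strip)
}

# Report template for "Firewall Forward Rules": one section per chain, one
# line per parsed rule (the raw iptables line is echoed).
firewall_template = ERB.new(<<EOF, trim_mode: '-')
==============================================
<% @tests.each do |hostname,data| -%>
<%= hostname %>
----------------------------------------------
<% data[:context][:chains].each do |name, info| -%>
Chain <%= name %>
<% info.each do |rule| -%>
<%= rule[:line] %>
<% end -%>
<% end -%>
<% end -%>
EOF

# `iptables -L` output: a "Chain NAME (policy X)" header, a column header
# "target prot opt source destination", then one rule per line. The default
# policy in the header is not captured; if the FORWARD policy matters for the
# review, extend chain_regex to record it.
filter_regex = /^target/
chain_regex = /Chain (?<name>\S+)/
rule_regex = /(?<target>\S+)[[:space:]]+(?<protocols>\S+)[[:space:]]+(?<opt>\S+)[[:space:]]+(?<source>\S+)[[:space:]]+(?<destination>\S+)/

# Dumps the FORWARD chain into
#   context[:chains] = { chain_name => [ { target:, source:, destination:, protocols:, line: }, ... ] }
# Fixes: the command was misspelled `itptables`, so the check never saw any
# rules. `-n` keeps addresses and ports numeric: no reverse-DNS lookup per
# rule, and stable columns for rule_regex.
Manager.new_test("Firewall Forward Rules", template: firewall_template) { |host, context|
  host_firewall_rules = host.exec("sudo iptables -n -L FORWARD")
  context[:chains] = {}
  current_chain = ""
  host_firewall_rules.split(/\n/).each do |line|
    case line
    when chain_regex
      current_chain = chain_regex.match(line)['name']
      context[:chains][current_chain] = []
    when filter_regex
      next # column header
    when rule_regex
      info = rule_regex.match(line)
      rule = {
        target: info['target'],
        source: info['source'],
        destination: info['destination'],
        protocols: info['protocols'],
        line: line
      }
      # A rule line before any "Chain" header (unexpected output) must not
      # crash the whole run with a NoMethodError on nil.
      (context[:chains][current_chain] ||= []) << rule
    end
  end
}

# The inventory name must appear on the 127.0.0.1 line of /etc/hosts and in
# /etc/hostname. Both are substring matches (`.*` does not cross newlines, so
# the /etc/hosts test is per line). The name is regex-escaped so a "." in a
# hostname no longer acts as a wildcard.
Manager.new_test("Check if hostname is correctly configured") { |host, context|
  name = Regexp.escape(host.name)
  hosts = host.exec("cat /etc/hosts")
  hostname = host.exec("cat /etc/hostname").strip
  not_configured_in = []
  not_configured_in << "/etc/hosts" unless hosts =~ /127\.0\.0\.1.*#{name}/
  not_configured_in << "/etc/hostname" unless hostname =~ /#{name}/
  context[:note] = "Hostname was not configured in #{not_configured_in.join(',')}" unless not_configured_in.empty?
  not_configured_in.empty?
}

# TODO: not implemented — the block returns nil, so this check carries no signal.
Manager.new_test("Puppet Certs Generated") { |_host| }

# Presence check for the management-VPN key pair in the easy-rsa keys dir.
# Only existence is verified; ownership and permissions of my.key are not
# checked here.
# Fix: the original `if ! listing =~ /my.crt/` parsed as `(!listing) =~ ...`,
# which is never truthy, so a missing file was never reported.
Manager.new_test("OpenVPN Certs Generated") { |host, context|
  listing = host.exec('ls -1 /etc/openvpn/mgmt/easy-rsa/keys/')
  files_not_generated = %w[my.crt my.key].reject { |file| listing.match?(/#{Regexp.escape(file)}/) }
  context[:note] = "Files not created: #{files_not_generated.join(',')}" unless files_not_generated.empty?
  files_not_generated.empty?
}

# netcat must be installed on the host and in both containers (aci0, prx0).
# `apt list --installed` prints one "pkg/suite version arch [installed]" line
# per package, so any netcat flavour (netcat-openbsd, netcat-traditional)
# satisfies the match.
# NOTE(security): netcat on a production payment host is a frequently abused
# living-off-the-land tool; the reason this check *requires* it should be
# documented by whoever owns the requirement — TODO confirm.
Manager.new_test("Ensure netcat installed on aci, prx & host") { |host, context|
  listings = {
    "aci" => host.exec("sudo lxc-attach -n ${HOSTNAME/red?/aci0} -- apt list --installed"),
    "prx" => host.exec("sudo lxc-attach -n ${HOSTNAME/red?/prx0} -- apt list --installed"),
    "host" => host.exec("sudo apt list --installed")
  }
  not_installed_on = listings.reject { |_, listing| listing =~ /netcat/ }.keys
  context[:note] = "netcat not installed on #{not_installed_on.join(',')}" unless not_installed_on.empty?
  not_installed_on.empty?
}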