module OpenStack

class Connection

    attr_reader   :authuser
    attr_reader   :authtenant
    attr_reader   :authkey
    attr_reader   :auth_method
    attr_accessor :authtoken
    attr_accessor :authok
    attr_accessor :service_host
    attr_accessor :service_path
    attr_accessor :service_port
    attr_accessor :service_scheme
    attr_accessor :quantum_version
    attr_reader   :retries
    attr_reader   :auth_host
    attr_reader   :auth_port
    attr_reader   :auth_scheme
    attr_reader   :auth_path
    attr_reader   :service_name
    attr_reader   :service_type
    attr_reader   :proxy_host
    attr_reader   :proxy_port
    attr_reader   :ca_cert
    attr_reader   :ssl_version
    attr_reader   :region
    attr_reader   :regions_list #e.g. os.connection.regions_list == {"region-a.geo-1" => [ {:service=>"object-store", :versionId=>"1.0"}, {:service=>"identity", :versionId=>"2.0"}], "region-b.geo-1"=>[{:service=>"identity", :versionId=>"2.0"}] }

    attr_reader   :http
    attr_reader   :is_debug
    attr_reader   :endpoint_type

    # Creates and returns a new Connection object, depending on the service_type
    # passed in the options:
    #
    # e.g:
    # os = OpenStack::Connection.create({:username => "herp@derp.com", :api_key=>"password",
    #               :auth_url => "https://region-a.geo-1.identity.cloudsvc.com:35357/v2.0/",
    #               :authtenant=>"herp@derp.com-default-tenant", :service_type=>"object-store")
    #
    # Will return an OpenStack::Swift::Connection object.
    #
    #   options hash:
    #
    #   :auth_method - Type of authentication - 'password', 'key', 'rax-kskey' - defaults to 'password'
    #   :username - Your OpenStack username or public key, depending on auth_method. *required*
    #   :authtenant_name OR :authtenant_id - Your OpenStack tenant name or id *required*. Defaults to username.
    #     passing :authtenant will default to using that parameter as tenant name.
    #   :api_key - Your OpenStack API key *required* (either private key or password, depending on auth_method)
    #   :auth_url - Configurable auth_url endpoint.
    #   :service_name - (Optional for v2.0 auth only). The optional name of the compute service to use.
    #   :service_type - (Optional for v2.0 auth only). Defaults to "compute"
    #   :region - (Optional for v2.0 auth only). The specific service region to use. Defaults to first returned region.
    #   :retry_auth - Whether to retry if your auth token expires (defaults to true)
    #   :proxy_host - If you need to connect through a proxy, supply the hostname here
    #   :proxy_port - If you need to connect through a proxy, supply the port here
    #   :ca_cert - path to a CA chain in PEM format
    #   :ssl_version - explicitly set an version (:SSLv3 etc, see  OpenSSL::SSL::SSLContext::METHODS)
    #   :is_debug - Only for development purpose for debug output
    #
    # The options hash is used to create a new OpenStack::Connection object
    # (private constructor) and this is passed to the constructor of OpenStack::Compute::Connection
    # or OpenStack::Swift::Connection (depending on :service_type) where authentication is done using
    # OpenStack::Authentication.
    #
    def self.create(options = {:retry_auth => true})
      #call private constructor and grab instance vars
      connection = new(options)
      case connection.service_type
        when "compute"
          OpenStack::Compute::Connection.new(connection)
        when "object-store"
          OpenStack::Swift::Connection.new(connection)
        when "volume"
          OpenStack::Volume::Connection.new(connection)
        when "image"
          OpenStack::Image::Connection.new(connection)
        when "network"
          OpenStack::Network::Connection.new(connection)
        when "identity"
          OpenStack::Identity::Connection.new(connection)
       else
          raise Exception::InvalidArgument, "Invalid :service_type parameter: #{@service_type}"
      end
    end

    private_class_method :new

    def initialize(options = {:retry_auth => true})
      @retries = options[:retries] || 3
      @authuser = options[:username] || (raise Exception::MissingArgument, "Must supply a :username")
      @authkey = options[:api_key] || (raise Exception::MissingArgument, "Must supply an :api_key")
      @auth_url = options[:auth_url] || (raise Exception::MissingArgument, "Must supply an :auth_url")
      @authtenant = (options[:authtenant_id])? {:type => "tenantId", :value=>options[:authtenant_id]} : {:type=>"tenantName", :value=>(options[:authtenant_name] || options[:authtenant] || @authuser)}
      @auth_method = options[:auth_method] || "password"
      @service_name = options[:service_name] || nil
      @service_type = options[:service_type] || "compute"
      @region = options[:region] || @region = nil
      @regions_list = {} # this is populated during authentication - from the returned service catalogue
      @is_debug = options[:is_debug]
      auth_uri=nil
      begin
        auth_uri=URI.parse(@auth_url)
      rescue Exception => e
        raise Exception::InvalidArgument, "Invalid :auth_url parameter: #{e.message}"
      end
      raise Exception::InvalidArgument, "Invalid :auth_url parameter." if auth_uri.nil? or auth_uri.host.nil?
      @auth_host = auth_uri.host
      @auth_port = auth_uri.port
      @auth_scheme = auth_uri.scheme
      @auth_path = auth_uri.path
      @retry_auth = options[:retry_auth]
      @proxy_host = options[:proxy_host]
      @proxy_port = options[:proxy_port]
      @ca_cert = options[:ca_cert]
      @ssl_version = options[:ssl_version]
      @authok = false
      @http = {}
      @quantum_version = 'v2.0' if @service_type == 'network'
      @endpoint_type = options[:endpoint_type] || "publicURL"
    end

    #specialised from of csreq for PUT object... uses body_stream if possible
    def put_object(server,path,port,scheme,headers = {},data = nil,attempts = 0) # :nodoc:

      tries = @retries
      time = 3

      if data.respond_to? :read
        headers['Transfer-Encoding'] = 'chunked'
        hdrhash = headerprep(headers)
        request = Net::HTTP::Put.new(path,hdrhash)
        chunked = OpenStack::Swift::ChunkedConnectionWrapper.new(data, 65535)
        request.body_stream = chunked
      else
        headers['Content-Length'] = (data.respond_to?(:lstat))? data.lstat.size.to_s : ((data.respond_to?(:size))? data.size.to_s : "0")
        hdrhash = headerprep(headers)
        request = Net::HTTP::Put.new(path,hdrhash)
        request.body = data
      end
      start_http(server,path,port,scheme,hdrhash)
      response = @http[server].request(request)
      if @is_debug
          puts "REQUEST: #{method} => #{path}"
          puts data if data
          puts "RESPONSE: #{response.body}"
          puts '----------------------------------------'
      end
      raise OpenStack::Exception::ExpiredAuthToken if response.code == "401"
      response
    rescue Errno::EPIPE, Timeout::Error, Errno::EINVAL, EOFError
      # Server closed the connection, retry
      puts "Can't connect to the server: #{tries} tries to reconnect" if @is_debug
      sleep time += 1
      @http[server].finish if @http[server].started?
      retry unless (tries -= 1) <= 0
      raise OpenStack::Exception::Connection, "Unable to connect to #{server} after #{@retries} retries"

    rescue OpenStack::Exception::ExpiredAuthToken
      raise OpenStack::Exception::Connection, "Authentication token expired and you have requested not to retry" if @retry_auth == false
      OpenStack::Authentication.init(self)
      retry
    end


    # This method actually makes the HTTP REST calls out to the server
    def csreq(method,server,path,port,scheme,headers = {},data = nil,attempts = 0, &block) # :nodoc:
      tries = @retries
      time = 3

      hdrhash = headerprep(headers)
      start_http(server,path,port,scheme,hdrhash)
      request = Net::HTTP.const_get(method.to_s.capitalize).new(path,hdrhash)
      request.body = data
      if block_given?
        response =  @http[server].request(request) do |res|
          res.read_body do |b|
            yield b
          end
        end
      else
        response = @http[server].request(request)
      end
      if @is_debug
          puts "REQUEST: #{auth_method} => #{path}"
          puts data if data
          puts "RESPONSE: #{response.body}"
          puts '----------------------------------------'
      end
      raise OpenStack::Exception::ExpiredAuthToken if response.code == "401"
      response
    rescue Errno::EPIPE, Timeout::Error, Errno::EINVAL, EOFError
      # Server closed the connection, retry
      puts "Can't connect to the server: #{tries} tries to reconnect" if @is_debug
      sleep time += 1
      @http[server].finish if @http[server].started?
      retry unless (tries -= 1) <= 0
      raise OpenStack::Exception::Connection, "Unable to connect to #{server} after #{@retries} retries"
    rescue OpenStack::Exception::ExpiredAuthToken
      raise OpenStack::Exception::Connection, "Authentication token expired and you have requested not to retry" if @retry_auth == false
      OpenStack::Authentication.init(self)
      retry
    end

    # This is a much more sane way to make a http request to the api.
    # Example: res = conn.req('GET', "/servers/#{id}")
    def req(method, path, options = {})
      server   = options[:server]   || @service_host
      port     = options[:port]     || @service_port
      scheme   = options[:scheme]   || @service_scheme
      headers  = options[:headers]  || {'content-type' => 'application/json'}
      data     = options[:data]
      attempts = options[:attempts] || 0
      path = @service_path + @quantum_version.to_s + path
      res = csreq(method,server,path,port,scheme,headers,data,attempts)
      res.code.match(/^20.$/) ? (return res) : OpenStack::Exception.raise_exception(res)
    end

    private

    # Sets up standard HTTP headers
    def headerprep(headers = {}) # :nodoc:
      default_headers = {}
      default_headers["X-Auth-Token"] = @authtoken if authok
      default_headers["X-Storage-Token"] = @authtoken if authok
      default_headers["Connection"] = "Keep-Alive"
      default_headers["User-Agent"] = "OpenStack Ruby API #{OpenStack::VERSION}"
      default_headers["Accept"] = "application/json"
      default_headers.merge(headers)
    end

    # Starts (or restarts) the HTTP connection
    def start_http(server,path,port,scheme,headers) # :nodoc:

      tries = @retries
      time = 3

      if (@http[server].nil?)
        begin
          @http[server] = Net::HTTP::Proxy(@proxy_host, @proxy_port).new(server,port)
          if scheme == "https"
            @http[server].use_ssl = true
            @http[server].verify_mode = OpenSSL::SSL::VERIFY_NONE

            # use the ca_cert if were given one, and make sure we verify!
            if ! @ca_cert.nil?
              @http[server].ca_file = @ca_cert
              @http[server].verify_mode = OpenSSL::SSL::VERIFY_PEER
            end

            # explicitly set the SSL version to use
            @http[server].ssl_version= @ssl_version if ! @ssl_version.nil?
          end
          @http[server].start
        rescue
          puts "Can't connect to the server: #{tries} tries to reconnect" if @is_debug
          sleep time += 1
          retry unless (tries -= 1) <= 0
          raise OpenStack::Exception::Connection, "Unable to connect to #{server}"
        end
      end
    end

end #end class Connection

#============================
# OpenStack::Authentication
#============================

class Authentication

  # Performs an authentication to the OpenStack auth server.
  # If it succeeds, it sets the service_host, service_path, service_port,
  # service_scheme, authtoken, and authok variables on the connection.
  # If it fails, it raises an exception.

  def self.init(conn)
    if conn.auth_path =~ /.*v2.0\/?$/
      AuthV20.new(conn)
    else
      AuthV10.new(conn)
    end
  end

end

 private
class AuthV20
  attr_reader :uri
  attr_reader :version
  def initialize(connection)

    tries = connection.retries
    time = 3

    begin
      server = Net::HTTP::Proxy(connection.proxy_host, connection.proxy_port).new(connection.auth_host, connection.auth_port)
      if connection.auth_scheme == "https"
        server.use_ssl = true
        server.verify_mode = OpenSSL::SSL::VERIFY_NONE

        # use the ca_cert if were given one, and make sure we verify!
        if !connection.ca_cert.nil?
          server.ca_file = connection.ca_cert
          server.verify_mode = OpenSSL::SSL::VERIFY_PEER
        end

        # explicitly set the SSL version to use
        server.ssl_version = connection.ssl_version if !connection.ssl_version.nil?
      end
      server.start
    rescue
      puts "Can't connect to the server: #{tries} tries  to reconnect" if connection.is_debug
      sleep time += 1
      retry unless (tries -= 1) <= 0
      raise OpenStack::Exception::Connection, "Unable to connect to  #{server}"
    end

    @uri = String.new

    case connection.auth_method
      when "password"
        auth_data = JSON.generate({ "auth" =>  { "passwordCredentials" => { "username" => connection.authuser, "password" => connection.authkey }, connection.authtenant[:type] => connection.authtenant[:value]}})
      when "rax-kskey"
        auth_data = JSON.generate({"auth" => {"RAX-KSKEY:apiKeyCredentials" => {"username" => connection.authuser, "apiKey" => connection.authkey}}})
      when "key"
        auth_data = JSON.generate({"auth" => { "apiAccessKeyCredentials" => {"accessKey" => connection.authuser, "secretKey" => connection.authkey}, connection.authtenant[:type] => connection.authtenant[:value]}})
      else
        raise Exception::InvalidArgument, "Unrecognized auth method #{connection.auth_method}"
    end

    response = server.post(connection.auth_path.chomp("/")+"/tokens", auth_data, {'Content-Type' => 'application/json'})
    if (response.code =~ /^20./)
      resp_data=JSON.parse(response.body)
      connection.authtoken = resp_data['access']['token']['id']
      implemented_services = resp_data["access"]["serviceCatalog"].inject([]){|res, current| res << current["type"] ;res}
      raise OpenStack::Exception::NotImplemented.new("The requested service: \"#{connection.service_type}\" is not present " +
        "in the returned service catalogue.", 501, "#{resp_data["access"]["serviceCatalog"]}") unless implemented_services.include?(connection.service_type)
      resp_data['access']['serviceCatalog'].each do |service|
        service["endpoints"].each do |endpoint|
          connection.regions_list[endpoint["region"]] ||= []
          connection.regions_list[endpoint["region"]] << {:service=>service["type"], :versionId => endpoint["versionId"]}
        end
        if connection.service_name
          check_service_name = connection.service_name
        else
          check_service_name = service['name']
        end
        if service['type'] == connection.service_type and service['name'] == check_service_name
          endpoints = service["endpoints"]
          if connection.region
            endpoints.each do |ep|
              if ep["region"] and ep["region"].upcase == connection.region.upcase
                @uri = URI.parse(ep[connection.endpoint_type])
              end
            end
          else
            @uri = URI.parse(endpoints[0][connection.endpoint_type])
          end
          if @uri == ""
            raise OpenStack::Exception::Authentication, "No API endpoint for region #{connection.region}"
          else
            if @version #already got one version of endpoints
              current_version = get_version_from_response(service,connection.endpoint_type)
              if @version.to_f > current_version.to_f
                next
              end
            end
            #grab version to check next time round for multi-version deployments
            @version = get_version_from_response(service,connection.endpoint_type)
            connection.service_host = @uri.host
            connection.service_path = @uri.path
            connection.service_port = @uri.port
            connection.service_scheme = @uri.scheme
            connection.authok = true
          end
        end
      end
    else
      connection.authtoken = false
      raise OpenStack::Exception::Authentication, "Authentication failed with response code #{response.code}"
    end
    server.finish if server.started?
  end

  def get_version_from_response(service,endpoint_type)
    service["endpoints"].first["versionId"] || parse_version_from_endpoint(service["endpoints"].first[endpoint_type])
  end

  #IN  --> https://az-2.region-a.geo-1.compute.hpcloudsvc.com/v1.1/46871569847393
  #OUT --> "1.1"
  def parse_version_from_endpoint(endpoint)
    endpoint.match(/\/v(\d).(\d)/).to_s.sub("/v", "")
  end

end

class AuthV10

  def initialize(connection)

    tries = connection.retries
    time = 3

    hdrhash = { "X-Auth-User" => connection.authuser, "X-Auth-Key" => connection.authkey }
    begin
      server = Net::HTTP::Proxy(connection.proxy_host, connection.proxy_port).new(connection.auth_host, connection.auth_port)
      if connection.auth_scheme == "https"
        server.use_ssl = true
        server.verify_mode = OpenSSL::SSL::VERIFY_NONE

        # use the ca_cert if were given one, and make sure to verify!
        if !connection.ca_cert.nil?
          server.ca_file = connection.ca_cert
          server.verify_mode = OpenSSL::SSL::VERIFY_PEER
        end

        # explicitly set the SSL version to use
        server.ssl_version = connection.ssl_version if !connection.ssl_version.nil?
      end
      server.start
    rescue
      puts "Can't connect to the server: #{tries} tries  to reconnect" if connection.is_debug
      sleep time += 1
      retry unless (tries -= 1) <= 0
      raise OpenStack::Exception::Connection, "Unable to connect to #{server}"
    end

    response = server.get(connection.auth_path, hdrhash)

    if (response.code =~ /^20./)
      connection.authtoken = response["x-auth-token"]
      case connection.service_type
        when "compute"
          uri = URI.parse(response["x-server-management-url"])
        when "object-store"
          uri = URI.parse(response["x-storage-url"])
      end
      raise OpenStack::Exception::Authentication, "Unexpected Response from  #{connection.auth_host} - couldn't get service URLs: \"x-server-management-url\" is: #{response["x-server-management-url"]} and \"x-storage-url\" is: #{response["x-storage-url"]}"  if (uri.host.nil? || uri.host=="")
      connection.service_host = uri.host
      connection.service_path = uri.path
      connection.service_port = uri.port
      connection.service_scheme = uri.scheme
      connection.authok = true
    else
      connection.authok = false
      raise OpenStack::Exception::Authentication, "Authentication failed with response code #{response.code}"
    end
    server.finish
  end

end


#============================
# OpenStack::Exception
#============================

class Exception

  class ComputeError < StandardError

    attr_reader :response_body
    attr_reader :response_code

    def initialize(message, code, response_body)
      @response_code=code
      @response_body=response_body
      super(message)
    end

  end

  class ComputeFault                < ComputeError # :nodoc:
  end
  class ServiceUnavailable          < ComputeError # :nodoc:
  end
  class Unauthorized                < ComputeError # :nodoc:
  end
  class BadRequest                  < ComputeError # :nodoc:
  end
  class OverLimit                   < ComputeError # :nodoc:
  end
  class BadMediaType                < ComputeError # :nodoc:
  end
  class BadMethod                   < ComputeError # :nodoc:
  end
  class ItemNotFound                < ComputeError # :nodoc:
  end
  class BuildInProgress             < ComputeError # :nodoc:
  end
  class ServerCapacityUnavailable   < ComputeError # :nodoc:
  end
  class BackupOrResizeInProgress    < ComputeError # :nodoc:
  end
  class ResizeNotAllowed            < ComputeError # :nodoc:
  end
  class NotImplemented              < ComputeError # :nodoc:
  end
  class Other                       < ComputeError # :nodoc:
  end
  class ResourceStateConflict       < ComputeError # :nodoc:
  end
  class QuantumError                < ComputeError # :nodoc:
  end

  # Plus some others that we define here

  class ExpiredAuthToken            < StandardError # :nodoc:
  end
  class MissingArgument             < StandardError # :nodoc:
  end
  class InvalidArgument             < StandardError # :nodoc:
  end
  class TooManyPersonalityItems     < StandardError # :nodoc:
  end
  class PersonalityFilePathTooLong  < StandardError # :nodoc:
  end
  class PersonalityFileTooLarge     < StandardError # :nodoc:
  end
  class Authentication              < StandardError # :nodoc:
  end
  class Connection                  < StandardError # :nodoc:
  end

  # In the event of a non-200 HTTP status code, this method takes the HTTP response, parses
  # the JSON from the body to get more information about the exception, then raises the
  # proper error.  Note that all exceptions are scoped in the OpenStack::Compute::Exception namespace.
  def self.raise_exception(response)
    return if response.code =~ /^20.$/
    begin
      fault = nil
      info = nil
      if response.body.nil? && response.code == "404" #HEAD ops no body returned
        exception_class = self.const_get("ItemNotFound")
        raise exception_class.new("The resource could not be found", "404", "")
      else
        JSON.parse(response.body).each_pair do |key, val|
          fault=key
          info=val
        end
        exception_class = self.const_get(fault[0,1].capitalize+fault[1,fault.length])
        raise exception_class.new((info["message"] || info), response.code, response.body)
      end
    rescue JSON::ParserError => parse_error
        deal_with_faulty_error(response, parse_error)
    rescue NameError
      raise OpenStack::Exception::Other.new("The server returned status #{response.code}", response.code, response.body)
    end
  end

  private

  #e.g. os.delete("non-existant") ==> response.body is:
  # "404 Not Found\n\nThe resource could not be found.\n\n   "
  # which doesn't parse. Deal with such cases here if possible (JSON::ParserError)
  def self.deal_with_faulty_error(response, parse_error)
    case response.code
    when "404"
      klass = self.const_get("ItemNotFound")
      msg = "The resource could not be found"
    when "409"
      klass = self.const_get("ResourceStateConflict")
      msg = "There was a conflict with the state of the resource"
    else
      klass = self.const_get("Other")
      msg = "Oops - not sure what happened: #{parse_error}"
    end
    raise klass.new(msg, response.code.to_s, response.body)
  end
end

end