import logging


def __virtual__():
    return 'keystonev3' if 'keystonev3.endpoint_list' in __salt__ else False  # noqa


log = logging.getLogger(__name__)


def _keystonev3_call(fname, *args, **kwargs):
    return __salt__['keystonev3.{}'.format(fname)](*args, **kwargs)  # noqa


def endpoint_present(name, url, interface, service_id, cloud_name, **kwargs):

    service_id = _keystonev3_call(
        'service_get_details', service_id,
        cloud_name=cloud_name)['service']['id']

    endpoints = _keystonev3_call(
        'endpoint_list', name=name, service_id=service_id, interface=interface,
        cloud_name=cloud_name)['endpoints']

    if not endpoints:
        try:
            resp = _keystonev3_call(
                'endpoint_create', url=url, interface=interface,
                service_id=service_id, cloud_name=cloud_name, **kwargs
            )
        except Exception as e:
            log.error('Keystone endpoint create failed with {}'.format(e))
            return _create_failed(name, 'endpoint')
        return _created(name, 'endpoint', resp)
    elif len(endpoints) == 1:
        exact_endpoint = endpoints[0]
        endpoint_id = exact_endpoint['id']
        changable = (
            'url', 'region', 'interface', 'service_id'
        )
        to_update = {}
        to_check = {'url': url}
        to_check.update(kwargs)

        for key in to_check:
            if (key in changable and (key not in exact_endpoint or
                                      to_check[key] != exact_endpoint[key])):
                to_update[key] = to_check[key]
        if to_update:
            try:
                resp = _keystonev3_call(
                    'endpoint_update', endpoint_id=endpoint_id,
                    cloud_name=cloud_name, **to_update
                )
            except Exception as e:
                log.error('Keystone endpoint update failed with {}'.format(e))
                return _update_failed(name, 'endpoint')
            return _updated(name, 'endpoint', resp)
        else:
            return _no_changes(name, 'endpoint')
    else:
        return _find_failed(name, 'endpoint')


def endpoint_absent(name, service_id, interface, cloud_name):

    try:
        service_id = _keystonev3_call(
            'service_get_details', service_id,
            cloud_name=cloud_name)['service']['id']

    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            return _absent(name, 'service')

    endpoints = _keystonev3_call(
        'endpoint_list', name=name, service_id=service_id, interface=interface,
        cloud_name=cloud_name)['endpoints']
    if not endpoints:
        return _absent(name, 'endpoint')
    elif len(endpoints) == 1:
        try:
            _keystonev3_call(
                'endpoint_delete', endpoints[0]['id'], cloud_name=cloud_name
            )
        except Exception as e:
            log.error('Keystone delete endpoint failed with {}'.format(e))
            return _delete_failed(name, 'endpoint')
        return _deleted(name, 'endpoint')
    else:
        return _find_failed(name, 'endpoint')


def service_present(name, type, cloud_name, **kwargs):

    service_id = ''

    try:
        exact_service = _keystonev3_call(
            'service_get_details', name,
            cloud_name=cloud_name)['service']
        service_id = exact_service['id']
    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            pass
        else:
            log.error('Failed to get service {}'.format(e))
            return _create_failed(name, 'service')

    if not service_id:
        try:
            resp = _keystonev3_call(
                'service_create', name=name, type=type,
                cloud_name=cloud_name, **kwargs
            )
        except Exception as e:
            log.error('Keystone service create failed with {}'.format(e))
            return _create_failed(name, 'service')
        return _created(name, 'service', resp)

    else:
        changable = ('type', 'enabled', 'description')
        to_update = {}
        to_check = {'type': type}
        to_check.update(kwargs)

        for key in to_check:
            if (key in changable and (key not in exact_service or
                                      to_check[key] != exact_service[key])):
                    to_update[key] = to_check[key]
        if to_update:
            try:
                resp = _keystonev3_call(
                    'service_update', service_id=service_id,
                    cloud_name=cloud_name, **to_update
                )
            except Exception as e:
                log.error('Keystone service update failed with {}'.format(e))
                return _update_failed(name, 'service')
            return _updated(name, 'service', resp)
        else:
            return _no_changes(name, 'service')
    return _find_failed(name, 'service')


def service_absent(name, cloud_name):
    try:
        _keystonev3_call(
            'service_get_details', name,
            cloud_name=cloud_name)['service']
    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            return _absent(name, 'service')
        else:
            log.error('Failed to get service {}'.format(e))
            return _find_failed(name, 'service')
    try:
        _keystonev3_call('service_delete', name, cloud_name=cloud_name)
    except Exception:
        return _delete_failed(name, 'service')
    return _deleted(name, 'service')


def project_present(name, domain_id, cloud_name, **kwargs):

    projects = _keystonev3_call(
        'project_list', name=name, domain_id=domain_id, cloud_name=cloud_name
    )['projects']

    if not projects:
        try:
            resp = _keystonev3_call(
                'project_create', domain_id=domain_id, name=name,
                cloud_name=cloud_name, **kwargs
            )
        except Exception as e:
            log.error('Keystone project create failed with {}'.format(e))
            return _create_failed(name, 'project')
        return _created(name, 'project', resp)
    elif len(projects) == 1:
        exact_project = projects[0]
        project_id = exact_project['id']
        changable = (
            'is_domain', 'description', 'domain_id', 'enabled',
            'parent_id', 'tags'
        )
        to_update = {}

        for key in kwargs:
            if (key in changable and (key not in exact_project or
                                      kwargs[key] != exact_project[key])):
                    to_update[key] = kwargs[key]

        if to_update:
            try:
                resp = _keystonev3_call(
                    'project_update', project_id=project_id,
                    cloud_name=cloud_name, **to_update
                )
            except Exception as e:
                log.error('Keystone project update failed with {}'.format(e))
                return _update_failed(name, 'project')
            return _updated(name, 'project', resp)
        else:
            return _no_changes(name, 'project')
    else:
        return _find_failed(name, 'project')


def project_absent(name, cloud_name):
    try:
        _keystonev3_call('project_get_details',
                         project_id=name, cloud_name=cloud_name)
    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            return _absent(name, 'project')
        else:
            log.error('Failed to get project {}'.format(e))
            return _find_failed(name, 'project')
    try:
        _keystonev3_call('project_delete', project_id=name,
                         cloud_name=cloud_name)
    except Exception:
        return _delete_failed(name, 'project')
    return _deleted(name, 'project')


def user_present(name, cloud_name, password_reset=False, **kwargs):

    users = _keystonev3_call(
        'user_list', name=name, cloud_name=cloud_name
    )['users']

    if 'default_project_id' in kwargs:
        kwargs['default_project_id'] = _keystonev3_call(
             'project_get_details', kwargs['default_project_id'],
             cloud_name=cloud_name)['project']['id']

    if 'domain_id' in kwargs:
        kwargs['domain_id'] = _keystonev3_call(
            'domain_get_details', kwargs['domain_id'],
            cloud_name=cloud_name)['domain']['id']

    if not users:
        try:
            resp = _keystonev3_call(
                'user_create', name=name, cloud_name=cloud_name, **kwargs
            )
        except Exception as e:
            log.error('Keystone user create failed with: {}'.format(e))
            return _create_failed(name, 'user')
        return _created(name, 'user', resp)

    elif len(users) == 1:
        exact_user = users[0]
        user_id = exact_user['id']
        changable = (
            'default_project_id', 'domain_id', 'enabled', 'email', 'options'
        )
        if password_reset:
            changable += ('password',)
        to_update = {}

        for key in kwargs:
            if key in changable:
                if key == 'options':
                    to_update['options'] = {option: value for option, value in kwargs['options'].items()
                                            if (option not in exact_user['options'])
                                            or (value != exact_user['options'][option])}

                    if not len(to_update['options']):
                        del to_update['options']

                elif key not in exact_user or kwargs[key] != exact_user[key]:
                    to_update[key] = kwargs[key]

        if to_update:
            log.info('Updating keystone user {} with: {}'.format(user_id,
                                                                 to_update))
            try:
                resp = _keystonev3_call(
                    'user_update', user_id=user_id,
                    cloud_name=cloud_name, **to_update
                )
            except Exception as e:
                log.error('Keystone user update failed with {}'.format(e))
                return _update_failed(name, 'user')
            return _updated(name, 'user', resp)
        else:
            return _no_changes(name, 'user')
    else:
        return _find_failed(name, 'user')


def user_absent(name, cloud_name):
    try:
        _keystonev3_call('user_get_details', user_id=name,
                         cloud_name=cloud_name)
    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            return _absent(name, 'user')
        else:
            log.error('Failed to get user {}'.format(e))
            return _find_failed(name, 'user')
    try:
        _keystonev3_call('user_delete', user_id=name, cloud_name=cloud_name)
    except Exception:
        return _delete_failed(name, 'user')
    return _deleted(name, 'user')


def user_role_assigned(name, role_id, cloud_name, project_id=None,
                       domain_id=None, role_domain_id=None, **kwargs):

    user_id = _keystonev3_call(
              'user_get_details', name,
              cloud_name=cloud_name)['user']['id']

    if project_id:
        project_id = _keystonev3_call(
                 'project_get_details', project_id,
                 cloud_name=cloud_name)['project']['id']

    if domain_id:
        domain_id  = _keystonev3_call(
            'domain_get_details', domain_id,
            cloud_name=cloud_name)['domain']['id']


    if (project_id and domain_id) or (not project_id and not domain_id):
        return {
            'name': name,
            'changes': {},
            'result': False,
            'comment': 'Use project_id or domain_id (only one of them)'
        }


    if role_domain_id:
        role_domain_id  = _keystonev3_call(
            'domain_get_details', role_domain_id,
            cloud_name=cloud_name)['domain']['id']

    if role_id:
        role_id = _keystonev3_call(
            'role_get_details', role_id, domain_id=role_domain_id,
            cloud_name=cloud_name)['role']['id']

    req_kwargs = {'role.id': role_id, 'user.id': user_id,
                  'cloud_name': cloud_name}
    if domain_id:
        req_kwargs['domain_id'] = domain_id
    if project_id:
        req_kwargs['project_id'] = project_id

    role_assignments = _keystonev3_call(
                 'role_assignment_list', **req_kwargs)['role_assignments']

    req_kwargs = {'cloud_name': cloud_name, 'user_id': user_id,
                  'role_id': role_id}
    if domain_id:
        req_kwargs['domain_id'] = domain_id
    if project_id:
        req_kwargs['project_id'] = project_id

    if not role_assignments:
        method_type = 'project' if project_id else 'domain'
        method = 'role_assign_for_user_on_{}'.format(method_type)
        try:
            resp = _keystonev3_call(method, **req_kwargs)
        except Exception as e:
            log.error('Keystone user role assignment with {}'.format(e))
            return _create_failed(name, 'user_role_assignment')
        # We check for exact assignment when did role_assignment_list
        # on this stage we already just assigned role if it was missed.
        return _created(name, 'user_role_assignment', resp)
    return _no_changes(name, 'user_role_assignment')


def user_role_unassign(name, role_id, cloud_name, project_id=None,
                       domain_id=None, role_domain_id=None):

    try:
        user_id = _keystonev3_call(
            'user_get_details', name,
            cloud_name=cloud_name)['user']['id']

    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            return _no_changes(name, 'user')
        else:
            log.error('Failed to get user {}'.format(e))
            return _find_failed(name, 'user')

    if project_id:
        project_id = _keystonev3_call(
            'project_get_details', project_id,
            cloud_name=cloud_name)['project']['id']

    if domain_id:
        domain_id = _keystonev3_call(
            'domain_get_details', domain_id,
            cloud_name=cloud_name)['domain']['id']

    if (project_id and domain_id) or (not project_id and not domain_id):
        return {
            'name': name,
            'changes': {},
            'result': False,
            'comment': 'Use project_id or domain_id (only one of them)'
        }

    if role_domain_id:
        role_domain_id = _keystonev3_call(
            'domain_get_details', role_domain_id,
            cloud_name=cloud_name)['domain']['id']

    if role_id:
        role_id = _keystonev3_call(
            'role_get_details', role_id, domain_id=role_domain_id,
            cloud_name=cloud_name)['role']['id']

    req_kwargs = {'role.id': role_id, 'user.id': user_id,
                  'cloud_name': cloud_name}
    if domain_id:
        req_kwargs['domain_id'] = domain_id
    if project_id:
        req_kwargs['project_id'] = project_id

    role_assignments = _keystonev3_call(
        'role_assignment_list', **req_kwargs)['role_assignments']

    req_kwargs = {'cloud_name': cloud_name, 'user_id': user_id,
                  'role_id': role_id}
    if domain_id:
        req_kwargs['domain_id'] = domain_id
    if project_id:
        req_kwargs['project_id'] = project_id

    if not role_assignments:
        return _absent(name, 'user_role_assignment')
    else:
        method_type = 'project' if project_id else 'domain'
        method = 'role_unassign_for_user_on_{}'.format(method_type)
        try:
            _keystonev3_call(method, **req_kwargs)
        except Exception:
            return _delete_failed(name, 'user_role_assignment')
    return _deleted(name, 'user_role_assignment')


def role_present(name, cloud_name, **kwargs):

    roles = _keystonev3_call(
        'role_list', name=name, cloud_name=cloud_name
    )['roles']

    if 'domain_id' in kwargs:
        kwargs['domain_id'] = _keystonev3_call(
            'domain_get_details', kwargs['domain_id'],
            cloud_name=cloud_name)['domains']

    if not roles:
        try:
            resp = _keystonev3_call(
                'role_create', name=name, cloud_name=cloud_name, **kwargs
            )
        except Exception as e:
            log.error('Keystone role create failed with {}'.format(e))
            return _create_failed(name, 'role')
        return _created(name, 'role', resp)
    elif len(roles) == 1:
        exact_role = roles[0]
        role_id = exact_role['id']
        changable = ('domain_id')
        to_update = {}

        for key in kwargs:
            if (key in changable and (key not in exact_role or
                                      kwargs[key] != exact_role[key])):
                to_update[key] = kwargs[key]

        if to_update:
            try:
                resp = _keystonev3_call(
                    'role_update', role_id=role_id,
                    cloud_name=cloud_name, **to_update
                )
            except Exception as e:
                log.error('Keystone role update failed with {}'.format(e))
                return _update_failed(name, 'role')
            return _updated(name, 'role', resp)
        else:
            return _no_changes(name, 'role')
    else:
        return _find_failed(name, 'role')


def role_absent(name, cloud_name):
    try:
        _keystonev3_call('role_get_details', role_id=name,
                         cloud_name=cloud_name)
    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            return _absent(name, 'role')
        else:
            log.error('Failed to get role {}'.format(e))
            return _find_failed(name, 'role')
    try:
        _keystonev3_call('role_delete', role_id=name, cloud_name=cloud_name)
    except Exception:
        return _delete_failed(name, 'role')
    return _deleted(name, 'role')


def domain_present(name, cloud_name, **kwargs):

    domains = _keystonev3_call(
        'domain_list', name=name, cloud_name=cloud_name)['domains']

    if not domains:
        try:
            resp = _keystonev3_call(
                'domain_create', name=name, cloud_name=cloud_name, **kwargs
            )
        except Exception as e:
            log.error('Keystone domain create failed with {}'.format(e))
            return _create_failed(name, 'domain')
        return _created(name, 'domain', resp)
    elif len(domains) == 1:
        exact_domain = domains[0]
        domain_id = exact_domain['id']
        changable = ('tags', 'enabled', 'description')
        to_update = {}

        for key in kwargs:
            if (key in changable and (key not in exact_domain or
                                      kwargs[key] != exact_domain[key])):
                to_update[key] = kwargs[key]

        if to_update:
            try:
                resp = _keystonev3_call(
                    'domain_update', domain_id=domain_id,
                    cloud_name=cloud_name, **to_update
                )
            except Exception as e:
                log.error('Keystone domain update failed with {}'.format(e))
                return _update_failed(name, 'domain')
            return _updated(name, 'domain', resp)
        else:
            return _no_changes(name, 'domain')
    else:
        return _find_failed(name, 'domain')


def domain_absent(name, cloud_name, force_delete=False):
    try:
        _keystonev3_call('domain_get_details',
                         domain_id=name, cloud_name=cloud_name)
    except Exception as e:
        if 'ResourceNotFound' in repr(e):
            return _absent(name, 'domain')
        else:
            log.error('Failed to get a domain {}'.format(e))
            return _find_failed(name, 'domain')

    try:
        if force_delete:
            _keystonev3_call(
                    'domain_update', domain_id=name,
                    enabled=False, cloud_name=cloud_name
                    )

        _keystonev3_call('domain_delete', domain_id=name,
                         cloud_name=cloud_name)
    except Exception:
        return _delete_failed(name, 'domain')
    return _deleted(name, 'domain')


def _created(name, resource, resource_definition):
    changes_dict = {
        'name': name,
        'changes': resource_definition,
        'result': True,
        'comment': '{}{} created'.format(resource, name)
    }
    return changes_dict


def _updated(name, resource, resource_definition):
    changes_dict = {
        'name': name,
        'changes': resource_definition,
        'result': True,
        'comment': '{}{} updated'.format(resource, name)
    }
    return changes_dict


def _no_changes(name, resource):
    changes_dict = {
        'name': name,
        'changes': {},
        'result': True,
        'comment': '{}{} is in desired state'.format(resource, name)
    }
    return changes_dict


def _deleted(name, resource):
    changes_dict = {
        'name': name,
        'changes': {"resource": resource, "name": name, "status": 'deleted'},
        'result': True,
        'comment': '{} {} removed'.format(resource, name)
    }
    return changes_dict


def _absent(name, resource):
    changes_dict = {'name': name,
                    'changes': {},
                    'comment': '{0} {1} not present'.format(resource, name),
                    'result': True}
    return changes_dict


def _delete_failed(name, resource):
    changes_dict = {'name': name,
                    'changes': {},
                    'comment': '{0} {1} failed to delete'.format(resource,
                                                                 name),
                    'result': False}
    return changes_dict


def _create_failed(name, resource):
    changes_dict = {'name': name,
                    'changes': {},
                    'comment': '{0} {1} failed to create'.format(resource,
                                                                 name),
                    'result': False}
    return changes_dict


def _update_failed(name, resource):
    changes_dict = {'name': name,
                    'changes': {},
                    'comment': '{0} {1} failed to update'.format(resource,
                                                                 name),
                    'result': False}
    return changes_dict


def _find_failed(name, resource):
    changes_dict = {
        'name': name,
        'changes': {},
        'comment': '{0} {1} found multiple {0}'.format(resource, name),
        'result': False,
    }
    return changes_dict