#!/usr/bin/env python
# Copyright (c) 2017 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

DOCUMENTATION = '''
---
module: fetch_url_and_verify
short_description: Fetch image and verify against a SHA256SUM URL
description:
    - Download a URL and check it against a remote SHA256SUMS file
options:
  url: Image URL
  image_dest: Image filename
  sha256_url: SHA256SUMS URL
  dest: python file mode (w, wb, a, ab)
  retries: fetch retries
'''


def main():
    module = AnsibleModule(
        argument_spec={
            'url': {'required': True, 'type': 'str'},
            'sha256url': {'required': True, 'type': 'str'},
            'dest': {'required': True, 'type': 'path'},
            'retries': {'required': False, 'type': 'int', 'default': 3},
        }
    )
    params = module.params
    url = params['url']
    dest = params['dest']
    sha256url = params['sha256url']
    retries = params['retries']

    image_dir, image_filename = os.path.split(dest)
    rc, stdout, stderr = module.run_command(['curl', '-sS', sha256url])
    if rc == 0 and stdout:
        sha256line = next(
            (l for l in stdout.splitlines() if image_filename in l), "")
    if not sha256line:
        module.fail_json(
            msg="Unable to find SHA256SUMS line for file {}".format(
                image_filename))
    rc = \
    module.run_command(['sha256sum', '-c'], data=sha256line, cwd=image_dir)[0]
    if rc == 0:
        sha256sum = sha256line.split()[0]
        module.exit_json(changed=False, dest=dest, url=url,
                         sha256sum=sha256sum)

    for retry in range(retries):
        curl_rc, stdout, stderr = module.run_command(
            ['curl', '-sS', '-o', dest, url], cwd=image_dir)
        if curl_rc == 0:
            sha256_rc, stdout, stderr = module.run_command(['sha256sum', '-c'],
                                                           data=sha256line,
                                                           cwd=image_dir)
            if sha256_rc == 0:
                module.exit_json(changed=True)

    module.fail_json(msg="Unable to download {}".format(url), stdout=stdout,
                     stderr=stderr)


# <<INCLUDE_ANSIBLE_MODULE_COMMON>>
from ansible.module_utils.basic import *  # noqa

if __name__ == '__main__':
    main()