#!/usr/share/ucs-test/runner python
## desc: Check cron job script lock_expired_accounts
## roles: [domaincontroller_master]
## exposure: dangerous
## packages: [univention-directory-manager-tools]
## bugs: [35088]

from datetime import datetime, timedelta
import univention.admin.uldap
import univention.admin.modules as udm_modules
import univention.testing.udm as udm_test
import univention.testing.utils as utils
import pprint
import subprocess
import time


def main():
	print time.ctime()
	with udm_test.UCSTestUDM() as udm:
		udm_modules.update()
		lo, position = univention.admin.uldap.getAdminConnection()
		udm_modules.init(lo, position, udm_modules.get('users/user'))

		def create_user(expiry_days_delta, locked_status):
			expiry_time = datetime.utcnow() + timedelta(days=expiry_days_delta)
			userdn, username = udm.create_user(userexpiry=expiry_time.strftime("%Y-%m-%d"), locked=locked_status)
			return username

		userdata = {}
		for delta, initial_state, expected_state in [[-9, 'none', 'none'],
													 [-8, 'none', 'none'],
#													 [-7, 'none', 'none'],  disabled due to bug #36210
#													 [-6, 'none', 'posix'],  disabled due to bug #36210
													 [-5, 'none', 'posix'],
													 [-4, 'none', 'posix'],
													 [-3, 'none', 'posix'],
													 [-2, 'none', 'posix'],
													 [-1, 'none', 'posix'],
#													 [0, 'none', 'posix'],  disabled due to bug #36210
													 [1, 'none', 'none'],
													 [2, 'none', 'none'],
													 [-4, 'windows', 'all'],
#													 [0, 'windows', 'all'],  disabled due to bug #36210
													 [2, 'windows', 'windows'],
													 ]:
			userdata[create_user(delta, initial_state)] = [initial_state, expected_state]

		ldap_filter = '(|(uid=' + ')(uid='.join(userdata.keys()) + '))'

		results = udm_modules.lookup('users/user', None, lo, scope='sub', filter=ldap_filter)
		if len(results) != len(userdata):
			print 'RESULTS: %r' % (pprint.PrettyPrinter(indent=2).pformat(results),)
			utils.fail('Did not find all users prior to script execution!')
		for entry in results:
			entry.open()
			if not entry['locked'] == userdata[entry['username']][0]:
				utils.fail('uid=%s should not be locked for posix prior to script execution!' % (entry['username'],))

		print 'Calling lock_expired_accounts...'
		subprocess.call(['/usr/share/univention-directory-manager-tools/lock_expired_accounts', '--only-last-week'])
		print 'DONE'

		results = udm_modules.lookup('users/user', None, lo, scope='sub', filter=ldap_filter)
		if len(results) != len(userdata):
			print 'RESULTS: %r' % (pprint.PrettyPrinter(indent=2).pformat(results),)
			utils.fail('Did not find all users after script execution!')
		for entry in results:
			entry.open()
			if not entry['locked'] == userdata[entry['username']][1]:
				utils.fail('The account uid=%r is not in expected locking state: expected=%r  current=%r' % (entry['username'], userdata[entry['username']][1], entry['locked']))


if __name__ == '__main__':
	main()
