import os.path
import random
import string
from celery.schedules import crontab

import base64

_basedir = os.path.abspath(os.path.dirname(__file__))

# See the Lemur docs (https://lemur.readthedocs.org) for more information on configuration

LOG_LEVEL = str(os.environ.get('LOG_LEVEL', 'DEBUG'))
LOG_FILE = str(os.environ.get('LOG_FILE', '/home/lemur/.lemur/lemur.log'))
LOG_JSON = True

CORS = os.environ.get("CORS") == "True"
debug = os.environ.get("DEBUG") == "True"


def get_random_secret(length):
    secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
    secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
    secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
    return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))


# This is the secret key used by Flask session management
SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))

# You should consider storing these separately from your config
LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
                                         base64.b64encode(get_random_secret(32).encode('utf8'))))
# This must match the key for whichever DB the container is using - this could be a dump of dev or test, or a unique key
LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
                                            base64.b64encode(get_random_secret(32).encode('utf8')).decode('utf8')))

REDIS_HOST = 'redis'
REDIS_PORT = 6379
REDIS_DB = 0
CELERY_RESULT_BACKEND = f'redis://{REDIS_HOST}:{REDIS_PORT}'
CELERY_BROKER_URL = f'redis://{REDIS_HOST}:{REDIS_PORT}'
CELERY_IMPORTS = ('lemur.common.celery')
CELERYBEAT_SCHEDULE = {
    # All tasks are disabled by default. Enable any tasks you wish to run.
    # 'fetch_all_pending_acme_certs': {
    #     'task': 'lemur.common.celery.fetch_all_pending_acme_certs',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(minute="*"),
    # },
    # 'remove_old_acme_certs': {
    #     'task': 'lemur.common.celery.remove_old_acme_certs',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=8, minute=0, day_of_week=5),
    # },
    # 'clean_all_sources': {
    #     'task': 'lemur.common.celery.clean_all_sources',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=5, minute=0, day_of_week=5),
    # },
    # 'sync_all_sources': {
    #     'task': 'lemur.common.celery.sync_all_sources',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour="*/2", minute=0),
    #     # this job is running 30min before endpoints_expire which deletes endpoints which were not updated
    # },
    # 'sync_source_destination': {
    #     'task': 'lemur.common.celery.sync_source_destination',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour="*/2", minute=15),
    # },
    # 'report_celery_last_success_metrics': {
    #     'task': 'lemur.common.celery.report_celery_last_success_metrics',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(minute="*"),
    # },
    # 'certificate_reissue': {
    #     'task': 'lemur.common.celery.certificate_reissue',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=9, minute=0),
    # },
    # 'certificate_rotate': {
    #     'task': 'lemur.common.celery.certificate_rotate',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=10, minute=0),
    # },
    # 'endpoints_expire': {
    #     'task': 'lemur.common.celery.endpoints_expire',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour="*/2", minute=30),
    #     # this job is running 30min after sync_all_sources which updates endpoints
    # },
    # 'get_all_zones': {
    #     'task': 'lemur.common.celery.get_all_zones',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(minute="*/30"),
    # },
    # 'check_revoked': {
    #     'task': 'lemur.common.celery.check_revoked',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=10, minute=0),
    # }
    # 'enable_autorotate_for_certs_attached_to_endpoint': {
    #     'task': 'lemur.common.celery.enable_autorotate_for_certs_attached_to_endpoint',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=10, minute=0),
    # }
    # 'notify_expirations': {
    #     'task': 'lemur.common.celery.notify_expirations',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=10, minute=0),
    #  },
    # 'notify_authority_expirations': {
    #     'task': 'lemur.common.celery.notify_authority_expirations',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=10, minute=0),
    # },
    # 'send_security_expiration_summary': {
    #     'task': 'lemur.common.celery.send_security_expiration_summary',
    #     'options': {
    #         'expires': 180
    #     },
    #     'schedule': crontab(hour=10, minute=0, day_of_week='mon-fri'),
    # }
}
CELERY_TIMEZONE = 'UTC'

SQLALCHEMY_ENABLE_FLASK_REPLICATED = False
SQLALCHEMY_DATABASE_URI = os.environ.get('SQLALCHEMY_DATABASE_URI', 'postgresql://lemur:lemur@localhost:5432/lemur')

SQLALCHEMY_TRACK_MODIFICATIONS = False
SQLALCHEMY_ECHO = True
SQLALCHEMY_POOL_RECYCLE = 499
SQLALCHEMY_POOL_TIMEOUT = 20

LEMUR_EMAIL = 'lemur@example.com'
LEMUR_SECURITY_TEAM_EMAIL = ['security@example.com']
LEMUR_SECURITY_TEAM_EMAIL_INTERVALS = [15, 2]
LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS = [30, 15, 2]
LEMUR_EMAIL_SENDER = 'smtp'

# mail configuration
# MAIL_SERVER = 'mail.example.com'

PUBLIC_CA_MAX_VALIDITY_DAYS = 397
DEFAULT_VALIDITY_DAYS = 365

LEMUR_OWNER_EMAIL_IN_SUBJECT = False

LEMUR_DEFAULT_COUNTRY = str(os.environ.get('LEMUR_DEFAULT_COUNTRY', 'US'))
LEMUR_DEFAULT_STATE = str(os.environ.get('LEMUR_DEFAULT_STATE', 'California'))
LEMUR_DEFAULT_LOCATION = str(os.environ.get('LEMUR_DEFAULT_LOCATION', 'Los Gatos'))
LEMUR_DEFAULT_ORGANIZATION = str(os.environ.get('LEMUR_DEFAULT_ORGANIZATION', 'Example, Inc.'))
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = str(os.environ.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT', ''))

LEMUR_DEFAULT_AUTHORITY = str(os.environ.get('LEMUR_DEFAULT_AUTHORITY', 'ExampleCa'))

LEMUR_DEFAULT_ROLE = 'operator'

ACTIVE_PROVIDERS = []
METRIC_PROVIDERS = []

# Authority Settings - These will change depending on which authorities you are
# using
current_path = os.path.dirname(os.path.realpath(__file__))

# DNS Settings

# exclude logging missing SAN, since we can have certs from private CAs with only cn, prod parity
LOG_SSL_SUBJ_ALT_NAME_ERRORS = False

ACME_DNS_PROVIDER_TYPES = {"items": [
    {
        'name': 'route53',
        'requirements': [
            {
                'name': 'account_id',
                'type': 'int',
                'required': True,
                'helpMessage': 'AWS Account number'
            },
        ]
    },
    {
        'name': 'cloudflare',
        'requirements': [
            {
                'name': 'email',
                'type': 'str',
                'required': True,
                'helpMessage': 'Cloudflare Email'
            },
            {
                'name': 'key',
                'type': 'str',
                'required': True,
                'helpMessage': 'Cloudflare Key'
            },
        ]
    },
    {
        'name': 'dyn',
    },
    {
        'name': 'ultradns',
    },
]}

# Authority plugins which support revocation
SUPPORTED_REVOCATION_AUTHORITY_PLUGINS = ['acme-issuer']