#!/bin/bash


######################################################################
#By Shannon Mitchell                                                 #
#shannon.mitchell@fusiontechnology-llc.com                           #
######################################################################
#_____________________________________________________________________
#|  Version |   Change Information  |      Author        |    Date    |
#|__________|_______________________|____________________|____________|
#|    0.1   |   Initial Script      | Shannon Mitchell   | 04-mar-2012|
#|          |   Creation            |                    |            |
#|__________|_______________________|____________________|____________|



#####################
# Global Variables
#####################
CONFIGFILE=/etc/aqueduct/aqueduct.conf
AQPROFILE_BASE=$AQPROFILE_BASE
AQSCRIPT_BASE=$AQSCRIPT_BASE
GOVAUTH=""
TARGET=""
LANGUAGE=""
PROFILE=""
CHECKID=""

####################
# Global Functions
####################
function print_usage() {
      echo "Usage: $0 [--config config] --governing-auth governing_auth --target target --lanugage language {--profile profile | --checkid checkid}"
}

function process_check() {
  CHKID=$1

  if [ "$LANGUAGE" == "Bash" ]
  then
    COMMAND="${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}/scripts/${CHKID}.sh"
    echo "Executing: $COMMAND"
    `$COMMAND`
  fi

  if [ "$LANGUAGE" == "Puppet" ]
  then
    echo "Puppet is not supported yet, so check is skipped"
  fi
}

function process_profile() {

  PROFID=$1

  TYPE="none found"

  ###############################
  # Make sure the profile exists
  ###############################
  CURPROFILE="${AQPROFILE_BASE}/${GOVAUTH}/${TARGET}/default.profile"
  if [ ! -e "${AQPROFILE_BASE}/${GOVAUTH}/${TARGET}/${PROFID}.profile" ]
  then
    echo "PROFILE ${AQPROFILE_BASE}/${GOVAUTH}/${TARGET}/${PROFID}.profile does not exist.  Defaulting to ${AQPROFILE_BASE}/${GOVAUTH}/${TARGET}/default.profile "
  else
    CURPROFILE="${AQPROFILE_BASE}/${GOVAUTH}/${TARGET}/${PROFID}.profile"
  fi
  
  #############################################
  # Find out if its a default include 'ALL'
  #############################################
  grep '^include ALL' $CURPROFILE > /dev/null
  if [ $? -eq 0 ]
  then
    TYPE="include_all"
  fi

  #############################################
  # Find out if its an exclude 'All'
  #############################################
  grep '^exclude ALL' $CURPROFILE> /dev/null
  if [ $? -eq 0 ]
  then
    if [ "$TYPE" == "none found" ]
    then
      TYPE="exclude_all"
    else
      echo "You can't exclude and include 'ALL' scripts.  Pick one or the other"
      exit 2
    fi
  fi

  ###################################################################
  # Kill things if it can't find any exclude or include all entries
  ###################################################################
  if [ "$TYPE" == "none found" ]
  then
    echo "You must define either an 'include ALL' or 'exclude ALL' entry"
    exit 2
  fi

  #########################################
  # Process the include all configuration
  #########################################
  if [ "$TYPE" == "include_all" ]
  then
    process_include_all $CURPROFILE
    exit 0
  fi

  #########################################
  # Process the exclude all configuration
  #########################################
  if [ "$TYPE" == "exclude_all" ]
  then

    # Run only included checks
    for DOCHECK in `awk '/^include/{print $2}' $CURPROF`
    do
      process_check $DOCHECK
    done

    exit 0

  fi


}


function process_include_all() {
  CURPROF=$1
  INDEX=0
  
  ######################################################################
  # We need to get a list of available check IDs.  This may differ from
  # Bash and Puppet.   
  ######################################################################
  if [ "$LANGUAGE" == "Bash" ]
  then

    # Gather an array of check ids
    CHECKARR=''
    for CHECK in `ls ${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}/scripts/*.sh`
    do
      THISCHKID=`basename $CHECK | cut -d'.' -f1`
      #echo $THISCHKID
      CHECKARR[$INDEX]=$THISCHKID
      INDEX=`expr $INDEX + 1`
    done


    # Remove any excluded ones from the list
    for EXCHECK in `awk '/^exclude/{print $2}' $CURPROF`
    do
      echo $EXCHECK
      declare -a CHECKARR=( ${CHECKARR[@]/${EXCHECK}/} )
    done

    # Process checks
    for DOCHK in ${CHECKARR[@]}
    do
      process_check $DOCHK
    done
  fi

}




##########################################
# Pull all of the command line arguments
##########################################
optspec=":h-:"

while getopts "$optspec" optchar;
do
  case "${optchar}" in
    -)
      case "${OPTARG}" in
        config)
          val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
          CONFIGFILE=$val
          ;;
        governing-auth)
          val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
          GOVAUTH=$val
          ;;
        target)
          val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
          TARGET=$val
          ;;
        language)
          val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
          LANGUAGE=$val
          ;;
        profile)
          val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
          PROFILE=$val
          ;;
        checkid)
          val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
          CHECKID=$val
          ;;
        *)
          echo "Invalid option:  ${OPTARG}"
          print_usage
          exit 2
          ;;
      esac
      ;;
    h)
      print_usage
      exit 2
      ;;
  esac
done



##############################################
# Process config file
##############################################

# Check that it exists
if [ -e $CONFIGFILE ]
then
  echo "Parsing $CONFIGFILE"

  # If the AQPROFILE_BASE is not set then get it from the config
  if [ -z $AQPROFILE_BASE ]
  then
    AQPROFILE_BASE=`awk '/AQPROFILE_BASE/{print $2}' $CONFIGFILE`
  fi

  # If it does not exist then exit
  if [ -e "${AQPROFILE_BASE}" ]
  then
    echo "Using $AQPROFILE_BASE for profile base directory"
  else
    echo "Profile base $AQPROFILE_BASE does not exist."
    exit 2
  fi

  # If the AQSCRIPT_BASE is not set then get it from the config
  if [ -z $AQSCRIPT_BASE ]
  then
    AQSCRIPT_BASE=`awk '/AQSCRIPT_BASE/{print $2}' $CONFIGFILE`
  fi

  # If it does not exist then exit
  if [ -e "${AQSCRIPT_BASE}" ]
  then
    echo "Using $AQSCRIPT_BASE for script base directory"
  else
    echo "Script base $AQSCRIPT_BASE does not exist."
    exit 2
  fi
  
else
  echo "Config file $CONFIGFILE does not exist";
  exit 2
fi



###########################################################
# Check the governing auth option and related directories
###########################################################
if [ -z $GOVAUTH ]
then
  echo "The governing-auth option is required"
  print_usage
  exit 2
else
  echo "Setting GOVAUTH to $GOVAUTH"  
fi

# Check the profile dir for the given governing auth
if [ ! -d "${AQPROFILE_BASE}/${GOVAUTH}" ]
then
  echo "Governing auth profile dir missing: ${AQPROFILE_BASE}/${GOVAUTH}"
  exit 2
fi

# Check the script dir for the given governing auth
if [ ! -d "${AQSCRIPT_BASE}/${GOVAUTH}" ]
then
  echo "Governing auth script dir missing: ${AQSCRIPT_BASE}/${GOVAUTH}"
  exit 2
fi


###########################################################
# Check the target option and related directories
###########################################################
if [ -z $TARGET ]
then
  echo "The target option is required"
  print_usage
  exit 2
else
  echo "Setting TARGET to $TARGET"  
fi

# Check the profile dir for the given target
if [ ! -d "${AQPROFILE_BASE}/${GOVAUTH}/${TARGET}" ]
then
  echo "Target profile dir missing: ${AQPROFILE_BASE}/${GOVAUTH}/${TARGET}"
  exit 2
fi

# Check the script dir for the given target
if [ ! -d "${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}" ]
then
  echo "Target script dir missing: ${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}"
  exit 2
fi




###########################################################
# Check the language option and related directories
###########################################################
if [ -z $LANGUAGE ]
then
  echo "The language option is required"
  print_usage
  exit 2
else
  echo "Setting LANGUAGE to $LANGUAGE"  
fi

# Check the script dir locations based on language
if [ $LANGUAGE == "Bash" ]
then
  if [ ! -d "${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}/scripts" ]
  then
    echo "Language script dir missing: ${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}/scripts"
    exit 2
  fi
fi
if [ $LANGUAGE == "Puppet" ]
then
  if [ ! -d "${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}/modules" ]
  then
    echo "Language script dir missing: ${AQSCRIPT_BASE}/${GOVAUTH}/${TARGET}/modules"
    exit 2
  fi
fi


###############################################
# Make sure either profile or checkid is set
###############################################
if [ -z $PROFILE ] && [ -z $CHECKID ]
then
  echo "You must specify either the profile or checkid option"
  print_usage
  exit 2
fi

############################
# Process a single check id
############################
if [ ! -z $CHECKID ]
then
  process_check $CHECKID
  exit 0
fi

############################
# Process a profile
############################
if [ ! -z $PROFILE ]
then
  process_profile $PROFILE
  exit 0
fi


