// vim: set sw=4 ts=4 sts=4 et :

import groovy.transform.Field
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils

/**
 * Pipeline entry point: applies configuration policy with Ansible once a day.
 *
 * Sequence, all inside one 'ansible' container: obtain a Kerberos ticket,
 * optionally remount the limited hosts read/write, run every playbook in
 * `stages`, then remount those hosts read-only again.
 *
 * @param rw_limit Ansible limit pattern for the hosts to remount; when it is
 *                 falsy both remount stages are marked as skipped.
 * @param stages   Map of stage name -> list of playbook paths.
 */
def call(rw_limit, stages) {
    // 'H H * * *' is Jenkins hashed-cron syntax: once a day at a hashed time.
    properties([
        pipelineTriggers([cron('H H * * *')])
    ])

    timeout(time: 1, unit: 'HOURS') {
        // Named lock so that runs holding 'cfgpol' do not overlap.
        lock('cfgpol') {
            // NOTE(review): the image reference carries no tag or digest and
            // alwaysPullImage is true, so every run executes whatever the
            // registry serves at that moment while holding the sudo SSH key,
            // the keytab and the vault password. Pinning by digest would make
            // the toolchain reproducible and auditable.
            podTemplate(containers: [
                containerTemplate(
                    name: 'ansible',
                    image: 'git.pyrocufflink.net/containerimages/ansible',
                    alwaysPullImage: true,
                )
            ]) {
                node(POD_LABEL) {
                    checkout scm

                    // HOME and the Kerberos credential cache are placed inside
                    // the workspace. '-A' is the OpenSSH agent-forwarding flag,
                    // so the agent loaded by sshagent below is forwarded to
                    // every host Ansible connects to.
                    // NOTE(review): presumably needed for agent-based sudo
                    // authentication (credential id 'jenkins-sudo-sshkey') —
                    // confirm. A forwarded agent is usable by root on each
                    // managed host for the lifetime of the connection, so the
                    // key should be scoped to that purpose only.
                    withEnv([
                        "HOME=${WORKSPACE}",
                        "KRB5CCNAME=${WORKSPACE}/.krb5cc",
                        'ANSIBLE_SSH_EXTRA_ARGS=-A',
                    ]) {
                        container('ansible') {
                            try {
                                sshagent(['jenkins-sudo-sshkey']) {
                                    stageKinit()
                                    stageRemountRW(rw_limit)
                                    generateStages(stages)
                                    // NOTE(review): this call is only reached
                                    // when every playbook above succeeded. If
                                    // one fails, the hosts remounted R/W stay
                                    // that way until a later run gets this far.
                                    // Confirm that is intended; otherwise run
                                    // the R/O remount from a finally block.
                                    stageRemountRO(rw_limit)
                                }
                            } catch (err) {
                                postFailure(err)
                            } finally {
                                // Runs on success and on failure, after the
                                // sshagent block has ended.
                                postCleanup()
                            }
                        }
                    }
                }
            }
        }
    }
}

/**
 * Stage 'kinit': gets a Kerberos ticket for jenkins@PYROCUFFLINK.BLUE from the
 * keytab file credential, then deletes the .fact-cache directory.
 */
def stageKinit() {
    stage('kinit') {
        withCredentials([file(
            credentialsId: 'keytab-jenkins@pyrocufflink.blue',
            variable: 'KEYTAB'
        )]) {
            // Single-quoted on purpose: the shell expands ${KEYTAB}, so the
            // credential path is never interpolated into the Groovy string.
            sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
        }
        // Remove .fact-cache so this run does not reuse what a previous run
        // left there (presumably Ansible's cached host facts — confirm).
        sh 'rm -rf .fact-cache'
    }
}

/**
 * Stage 'Remount R/W': runs remount.yml with remount_state=rw against `limit`.
 *
 * @param limit Ansible limit pattern; when falsy the stage is marked skipped.
 */
def stageRemountRW(limit) {
    def STAGE_NAME = 'Remount R/W'
    stage(STAGE_NAME) {
        if (limit) {
            ansiblePlaybook \
                playbook: 'remount.yml',
                limit: limit,
                become: true,
                credentialsId: 'jenkins-cfgmgmt',
                vaultCredentialsId: 'ansible-vault',
                extraVars: [
                    remount_state: 'rw',
                ]
        } else {
            // Show the stage as skipped in the UI instead of as an empty pass.
            Utils.markStageSkippedForConditional(STAGE_NAME)
        }
    }
}

/**
 * Creates one pipeline stage per entry of `stages` and runs that entry's
 * playbooks in order, with privilege escalation and --diff output.
 *
 * @param stages Map of stage name -> list of playbook paths.
 */
def generateStages(stages) {
    stages.each { name, playbooks ->
        stage(name) {
            playbooks.each { playbook ->
                // No limit is passed here, so each playbook's own hosts
                // patterns decide the targets. Tasks tagged 'install' are
                // skipped on these runs.
                ansiblePlaybook \
                    playbook: playbook,
                    become: true,
                    credentialsId: 'jenkins-cfgmgmt',
                    vaultCredentialsId: 'ansible-vault',
                    extras: '--diff',
                    skippedTags: 'install'
            }
        }
    }
}

/**
 * Stage 'Remount R/O': runs remount.yml against `limit`, excluding whatever
 * matches 'rw-root'.
 *
 * @param limit Ansible limit pattern; when falsy the stage is marked skipped.
 */
def stageRemountRO(limit) {
    def STAGE_NAME = 'Remount R/O'
    stage(STAGE_NAME) {
        if (limit) {
            // ':!rw-root' appends an exclusion to the limit pattern.
            // No remount_state is passed, so the playbook's default applies
            // (presumably read-only — confirm against remount.yml).
            ansiblePlaybook \
                playbook: 'remount.yml',
                limit: limit + ':!rw-root',
                become: true,
                credentialsId: 'jenkins-cfgmgmt',
                vaultCredentialsId: 'ansible-vault',
                extras: '--diff'
        } else {
            Utils.markStageSkippedForConditional(STAGE_NAME)
        }
    }
}

/**
 * Destroys the Kerberos credential cache named by KRB5CCNAME, so the ticket
 * does not remain in the workspace after the run.
 */
def postCleanup() {
    sh 'kdestroy'
}

/**
 * Marks the build failed, sends the notification e-mail and re-raises.
 *
 * @param err The exception caught by the caller.
 */
def postFailure(err) {
    currentBuild.result = 'FAILURE'
    // $DEFAULT_SUBJECT and $DEFAULT_CONTENT are single-quoted so Groovy leaves
    // them alone and the email-ext plugin expands them.
    emailext \
        to: 'gyrfalcon@ebonfire.com',
        subject: '$DEFAULT_SUBJECT',
        body: '$DEFAULT_CONTENT'
    // The error step raises a new failure carrying only the message text of
    // err; the original exception type and stack trace are not propagated.
    error "${err}"
}