#! /usr/bin/env perl
# vim: set filetype=perl ts=4 sw=4 sts=4 et:
use common::sense;

use File::Basename;
use lib dirname(__FILE__) . '/../../../lib/perl';
use OVH::Result;
use OVH::Bastion;
use OVH::Bastion::Plugin qw( :DEFAULT help );
use OVH::Bastion::Plugin::ACL;

my $remainingOptions = OVH::Bastion::Plugin::begin(
    argv    => \@ARGV,
    header  => "removing personal access to a server from an account",
    options => {
        "account=s" => \my $account,
        "user-any"  => \my $userAny,
        "port-any"  => \my $portAny,
        "scpup"     => \my $scpUp,
        "scpdown"   => \my $scpDown,
        "sftp"      => \my $sftp,
    },
    helptext => <<'EOF',
Remove a personal server access from an account

Usage: --osh SCRIPT_NAME --account ACCOUNT --host HOST [OPTIONS]

  --account               Bastion account to remove access from
  --host IP|HOST|IP/MASK  Server to remove access from
  --user USER             Remote user that was allowed, if any user was allowed, use --user-any
  --user-any              Use if any remote login was allowed
  --port PORT             Remote SSH port that was allowed, if any port was allowed, use --port-any
  --port-any              Use if any remote port was allowed
  --scpup                 Remove SCP upload right, you--bastion-->server (omit --user in this case)
  --scpdown               Remove SCP download right, you<--bastion--server (omit --user in this case)
  --sftp                  Remove usage of the SFTP subsystem, you<--bastion-->server (omit --user in this case)
EOF
);

my $fnret;

if (!$ip) {
    help();
    osh_exit 'ERR_MISSING_PARAMETER', "Missing parameter 'host' or didn't resolve correctly";
}

$fnret = OVH::Bastion::Plugin::ACL::check(
    user    => $user,
    userAny => $userAny,
    port    => $port,
    portAny => $portAny,
    scpUp   => $scpUp,
    scpDown => $scpDown,
    sftp    => $sftp
);
if (!$fnret) {
    help();
    osh_exit($fnret);
}
$user = $fnret->value->{'user'};

if (not $account) {
    help();
    osh_exit 'ERR_MISSING_PARAMETER', "Missing mandatory parameter 'account'";
}

$fnret = OVH::Bastion::is_bastion_account_valid_and_existing(account => $account);
$fnret or osh_exit $fnret;
$account = $fnret->value->{'account'};

my @command = qw{ sudo -n -u allowkeeper -- /usr/bin/env perl -T };
push @command, $OVH::Bastion::BASEPATH . '/bin/helper/osh-accountModifyPersonalAccess';
push @command, '--target', 'any';
push @command, '--action', 'del';
push @command, '--account', $account;
push @command, '--ip', $ip;
push @command, '--user', $user if $user;
push @command, '--port', $port if $port;

osh_exit OVH::Bastion::helper(cmd => \@command);