#!pyobjects
## -*- mode: python -*-
from salt.utils import dictupdate
import yaml
import json

File.directory('/etc/filebeat/', create=True, mode=755, user='root', group='root')

fqdn = grains('fqdn')
fqdn_ipv6 = grains('fqdn_ipv6')
conf_path = '/etc/filebeat/'

tls = pillar('filebeat:tls', {})

# defaults
config = {
  'name': str(fqdn),
  'path': {
    'home': '/var/lib/filebeat',
    'conf': '/etc/filebeat',
    'logs': '/var/log',
  },
  'logging': {
    'level': 'info',
    'selectors': ["*"],
    'to_files': True,
    'to_syslog': False,
    'files': {
      'path': '/var/log/filebeat',
      'name': 'filebeat.log',
      'keepfiles': 7,
    }},
  'filebeat': {},
  'output': {},
}

elastic_template = pillar('template', False)
config['filebeat']['inputs'] = pillar('filebeat:inputs')
config['output'] = pillar('filebeat:output')
dictupdate.update(config, pillar('filebeat:config', {}))

if elastic_template:
  File.managed(
    conf_path + 'filebeat.template.json',
    mode=640, user='root', group='root',
    contents=json.dumps(elastic_template),
    require=[File(conf_path)])
else:
  File.absent(conf_path + 'filebeat.template.json')

for out in config['output'].keys():
  if out in tls.keys():
    out_ssl = {}
    config['output'][out]['ssl'] = out_ssl
    out_ssl['enabled'] = tls[out].get('enabled', True)
    for pemtype in ('cert', 'key', 'ca'):
      contents = tls[out].get(pemtype, tls.get(pemtype, ''))
      path = conf_path + out + '-' + pemtype + '.pem'
      if contents:
        if pemtype == 'cert': out_ssl['certificate'] = path
        if pemtype == 'key': out_ssl['key'] = path
        if pemtype == 'ca': out_ssl['certificate_authorities'] = [path]
      File.managed(
        path, mode=600, user='root', group='root',
        contents=contents, require=[File(conf_path)])

File.managed(
  conf_path + 'filebeat.yml',
  mode=640, user='root', group='root',
  # check_cmd='filebeat test config -c',
  contents="# This file is generated by Salt\n" + yaml.dump(config),
  require=[File(conf_path)])