#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: "test for replication performance for trivial ignored attribute changes"
## exposure: dangerous
## packages:
## - univention-ad-connector
## tags:
##  - basic
##  - apptest
##  - skip_admember

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/udm.sh
. "$TESTLIBPATH/udm.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137


. "adconnector.sh" || exit 137
# Stop before touching anything when no AD LDAP host is configured for the
# connector. 137 is the same code the library-sourcing lines above exit with;
# presumably the ucs-test runner reports it as "skipped" (confirm).
test -n "$connector_ad_ldap_host" || exit 137

# Test fixture names. random_chars comes from random.sh; a fresh name per run
# keeps repeated runs from colliding on an existing account.
UDM_users_user_username="$(random_chars)"
# NOTE(review): DESCRIPTION and UDM_USER_DN are assigned here but not referenced
# anywhere else in this script; presumably left over or read by sourced helpers.
DESCRIPTION="$(random_chars)"
AD_DN="CN=$UDM_users_user_username,CN=users,$(ad_get_base)"
UDM_USER_DN="uid=$UDM_users_user_username,cn=users,$ldap_base"

# Remember the connector's current sync mode so it can be put back afterwards,
# then force "sync" for the duration of the test.
SYNCMODE="$(ad_get_sync_mode)"
ad_set_sync_mode "sync"


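#######################################
# Create a user directly in AD with samba-tool, binding as the connector's
# own AD account.
# Globals:   none (connection settings are read through `ucr get`)
# Arguments: $1 - account name, also used as CN (--use-username-as-cn)
#            $2 - initial password of the new account
# Returns:   samba-tool's exit status; non-zero without calling samba-tool
#            when a UCR lookup fails or the bind password file is unreadable
#######################################
function ad_create_user_with_password () {
	local username="$1"
	local password="$2"
	local host binddn admin pwfile pass

	# Declare first, assign second: `local v="$(cmd)"` always reports success
	# and would hide a failed lookup.
	host="$(ucr get connector/ad/ldap/host)" || return
	binddn="$(ucr get connector/ad/ldap/binddn)" || return
	# Reduce the bind DN to the value of its first RDN,
	# e.g. "cn=Administrator,cn=users,..." -> "Administrator".
	admin="$(sed 's/,.*//;s/cn=//i' <<<"$binddn")" || return
	pwfile="$(ucr get connector/ad/ldap/bindpw)" || return
	# The path is quoted so a password file path containing whitespace or glob
	# characters is read as one file instead of being word-split.
	pass="$(cat -- "$pwfile")" || return

	# NOTE(review): both the new user's password and the bind password are
	# passed on samba-tool's argv, where other local users can read them from
	# the process list while the command runs. Tolerable on a disposable test
	# host only; do not copy this pattern into production tooling.
	samba-tool user create --use-username-as-cn "$username" "$password" --URL="ldap://$host" -U"$admin%$pass"
}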

# Create the test account on the AD side. "Univention.99" is a fixed throwaway
# password for this fixture account; the helper hands it to samba-tool on the
# command line.
ad_create_user_with_password "$UDM_users_user_username" "Univention.99" || fail_test 110
# fail_bool follows the command whose exit status it judges; presumably it
# records failure code 110 when that status differs from the expected 0 (confirm
# in base.sh).
ad_wait_for_synchronization; fail_bool 0 110

# The account must now exist on both sides: in AD under AD_DN and in UDM.
ad_exists "$AD_DN"; fail_bool 0 110
# NOTE(review): no object name is passed here; presumably udm_exists picks the
# user up from the UDM_users_user_username variable (confirm in udm.sh).
udm_exists "users/user"; fail_bool 0 110

# Force a rotation so the connector log parsed further down holds only entries
# written from this point on.
logrotate -f /etc/logrotate.d/univention-ad-connector

# Switch on poll profiling and restart the connector so the setting is picked up.
# NOTE(review): neither exit status is checked, and profiling is only switched
# off again at the very end of the script; an interrupted run leaves it enabled
# on the host.
ucr set connector/ad/poll/profiling=yes
/etc/init.d/univention-ad-connector restart

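{ # Generate ignorable replication change in AD
	# Rewrites the owner field of the test account's nTSecurityDescriptor twice
	# in a row. Per the test description this is a change the connector should
	# treat as trivial, so processing it must be fast.

	# Bind identity: value of the first RDN of the connector bind DN, plus the
	# password stored in the file that connector_ad_ldap_bindpw points to.
	ad_admin="$(sed 's/,.*//;s/cn=//i' <<<"$connector_ad_ldap_binddn")"
	ad_bindpw="$(< "$connector_ad_ldap_bindpw")"
	ad_ldapurl="ldap://$connector_ad_ldap_host"
	# NOTE(review): -U "user%password" puts the bind password on the argv of
	# ldbsearch/ldbmodify, where other local users can read it from the process
	# list while the command runs. Tolerable on a disposable test host only.

	# Fetch the account's current security descriptor. ldapsearch-wrapper
	# presumably joins folded LDIF lines so each attribute sits on one line.
	ldif=$(ldbsearch -H "$ad_ldapurl" -U "$ad_admin%$ad_bindpw" \
		samaccountname="$UDM_users_user_username" ntsecuritydescriptor | ldapsearch-wrapper)
	dn=$(sed -n 's/^dn: //p' <<<"$ldif")
	ntsd=$(sed -n 's/^nTSecurityDescriptor: //p' <<<"$ldif")
	# Replace whatever stands between "O:" and "G:" (the owner in the SDDL
	# string) with the alias LA, and in a second variant with DA.
	ntsd2=$(sed 's/^O:\([^:]*\)G:/O:LAG:/' <<<"$ntsd")
	ntsd3=$(sed 's/^O:\([^:]*\)G:/O:DAG:/' <<<"$ntsd")

	if [ -z "$dn" ] || [ -z "$ntsd" ]; then
		# Without a DN and a descriptor no change can be produced, and the timing
		# check further down would pass without having measured this change.
		echo "ERROR: could not read dn/nTSecurityDescriptor of $UDM_users_user_username from AD."
		fail_test 110
	else
		# A failed modify means no replication event was generated, so it is
		# recorded as a test failure instead of being ignored.
		ldbmodify -H "$ad_ldapurl" -U "$ad_admin%$ad_bindpw" <<%EOF || fail_test 110
dn: $dn
changetype: modify
replace: nTSecurityDescriptor
nTSecurityDescriptor: $ntsd2
%EOF

		ldbmodify -H "$ad_ldapurl" -U "$ad_admin%$ad_bindpw" <<%EOF || fail_test 110
dn: $dn
changetype: modify
replace: nTSecurityDescriptor
nTSecurityDescriptor: $ntsd3
%EOF
	fi
}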

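sleep 10 ## Wait for replication attempt

{ # Extract replication time from log
	# Pairs every "Incoming" profiling line with the "Processed" line that follows
	# it and fails the test when a pair lies more than MAX_DURATION seconds apart.

	RE_START="^.* POLL FROM CON: Incoming .*$"
	RE_END="^.* POLL FROM CON: Processed .*$"
	# Compared in whole seconds, because timestamps are reduced to epoch seconds.
	MAX_DURATION=1

	start_timestamp=""
	end_timestamp=""
	durations=()
	# NOTE(review): `read` stores only the first whitespace-delimited field in
	# $timestamp. This assumes that field alone is a complete timestamp that
	# `date -d` understands; confirm against the connector's log format.
	while read -r timestamp msg; do
		if [[ "$msg" =~ $RE_START ]] ; then
			start_timestamp=$timestamp
			echo "$timestamp $msg"
		fi
		if [[ "$msg" =~ $RE_END ]] ; then
			echo "$timestamp $msg"
			# Accept an END only when it closes a pending START. A stray END (for
			# example from a poll that began before the log was rotated) would
			# otherwise pair with the next START, give a negative duration and shift
			# every later pair, so the threshold could never trigger.
			if [ -n "$start_timestamp" ]; then
				end_timestamp=$timestamp
			fi
		fi
		if [ -n "$start_timestamp" ] && [ -n "$end_timestamp" ]; then
			# An unparsable timestamp is reported as a failure; feeding an empty value
			# into the arithmetic below would abort the loop and skip later entries.
			if epoch_start="$(date -d "$start_timestamp" +"%s")" \
				&& epoch_end="$(date -d "$end_timestamp" +"%s")"; then
				duration=$((epoch_end - epoch_start))
				echo "$start_timestamp - $end_timestamp -> $duration"
				durations+=("$duration")
			else
				echo "ERROR: cannot parse timestamps '$start_timestamp' / '$end_timestamp' from the connector log."
				fail_test 110
			fi
			start_timestamp=""
			end_timestamp=""
		fi
	done < /var/log/univention/connector-ad.log
	# No completed poll cycle means nothing was measured, which also covers a poll
	# that started but had not finished when the log was read. Passing in that
	# case would hide exactly the slowdown this test is meant to detect.
	if [ "${#durations[@]}" -eq 0 ]; then
		echo "ERROR: no completed AD-Connector poll cycle found in the log, nothing was measured."
		fail_test 110
	fi
	# check each "ignored attribute" change
	for duration in "${durations[@]}"; do
		if (( duration > MAX_DURATION )); then
			echo "ERROR: AD-Connector activity took longer ($duration) than $MAX_DURATION seconds."
			fail_test 110
		fi
	done
}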

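# Cleanup: switch poll profiling off again and restart the connector so it
# runs without profiling.
ucr unset connector/ad/poll/profiling
/etc/init.d/univention-ad-connector restart

# Remove the test account from AD and wait until the deletion has been synced.
ad_delete "$AD_DN" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110

# Put back the sync mode that was saved in SYNCMODE before the test forced
# "sync"; otherwise the host keeps the test's connector configuration.
ad_set_sync_mode "$SYNCMODE"

# RETVAL is presumably initialised by base.sh and updated by fail_test/fail_bool.
exit "$RETVAL"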
