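#!/usr/bin/env python
"""Splunk app endpoint that forwards an alarm status change to the SOCRadar API."""
import configparser
import json
import os

import cherrypy
import requests

import splunk.appserver.mrsparkle.controllers as controllers
import splunk.entity as entity
from splunk.appserver.mrsparkle.lib.decorators import expose_page
from splunk.appserver.mrsparkle.lib.routes import route

# Upper bound on the JSON body accepted by update_status. The request only
# carries an alarm id, a status and a short comment, so anything larger is
# refused before it is read into memory.
MAX_BODY_BYTES = 64 * 1024

# Fields the caller must supply; without them the change cannot be forwarded.
_REQUIRED_FIELDS = ('alarm_id', 'status')


class UpdateStatusController(controllers.BaseController):
    """Update SOCRadar alarm status controller."""

    @expose_page(must_login=True, methods=['POST'])
    @route('/:app/:action=update_status')
    def update_status(self, app, action, **kwargs):
        """Forward a status change for one alarm to the SOCRadar API.

        Expects a JSON object body with ``alarm_id`` and ``status`` (required)
        and an optional ``comments`` string. Credentials come from
        :meth:`get_socradar_settings`.

        Returns:
            A JSON string ``{"success": bool, "message": str}``. Failures of
            any kind are reported in the body rather than raised, so the
            calling page always gets the same shape back.
        """
        try:
            data = self._read_json_body()

            # Reject requests that would otherwise send null fields upstream.
            missing = [f for f in _REQUIRED_FIELDS if data.get(f) in (None, "")]
            if missing:
                raise ValueError(f"Missing required field(s): {', '.join(missing)}")
            alarm_id = data['alarm_id']
            status = data['status']
            comments = data.get('comments', 'Updated via Splunk')

            session_key = cherrypy.session.get('sessionKey')
            settings = self.get_socradar_settings(session_key)
            if not settings.get('company_id') or not settings.get('api_key'):
                raise RuntimeError("SOCRadar API credentials not configured")

            url = (
                "https://platform.socradar.com/api/company/"
                f"{settings['company_id']}/alarms/status/change"
            )
            payload = {
                "status": status,
                # NOTE(review): the upstream field is named alarm_ids but receives
                # the single alarm_id value unchanged — confirm whether the API
                # expects a list here.
                "alarm_ids": alarm_id,
                "comments": comments,
            }
            # The API key is sent as a query parameter because that is what the
            # SOCRadar endpoint accepts; do not log the final request URL.
            params = {"key": settings['api_key']}
            response = requests.post(url, json=payload, params=params, timeout=30)

            if response.status_code == 200:
                return json.dumps({"success": True, "message": "Status updated successfully"})
            return json.dumps({"success": False, "message": f"API error: {response.status_code}"})
        except Exception as e:
            # The exception text is returned to the (authenticated) caller so the
            # UI can show why the update failed.
            return json.dumps({"success": False, "message": str(e)})

    @staticmethod
    def _read_json_body():
        """Read the current request body and decode it as a JSON object.

        Raises:
            ValueError: on a missing/invalid Content-Length, an empty body, a
                body larger than MAX_BODY_BYTES, malformed JSON, or a top-level
                JSON value that is not an object.
        """
        try:
            length = int(cherrypy.request.headers.get('Content-Length', 0))
        except (TypeError, ValueError):
            raise ValueError("Invalid Content-Length header") from None
        if length <= 0:
            raise ValueError("Request body is empty")
        if length > MAX_BODY_BYTES:
            raise ValueError("Request body too large")

        raw_body = cherrypy.request.body.read(length)
        data = json.loads(raw_body)
        if not isinstance(data, dict):
            raise ValueError("Request body must be a JSON object")
        return data

    def get_socradar_settings(self, session_key):
        """Return the SOCRadar credentials from the app configuration.

        Looks the ``additional_parameters`` stanza up through splunkd first;
        if that fails for any reason, falls back to reading the app's local
        .conf file directly.

        Args:
            session_key: splunkd session key used for the entity lookup.

        Returns:
            ``{'company_id': ..., 'api_key': ...}`` (either value may be None
            when the key is absent from the stanza), or ``{}`` when neither
            source provides the stanza.
        """
        try:
            settings_entity = entity.getEntity(
                'ta_socradar_incidents_settings',
                'additional_parameters',
                namespace='TA-socradar-incidents',
                sessionKey=session_key,
                owner='nobody',
            )
            return {
                'company_id': settings_entity.get('socradar_company_id'),
                'api_key': settings_entity.get('socradar_company_api_key'),
            }
        except Exception:
            # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit
            # still propagate; the entity lookup is best-effort and the conf
            # file below is the fallback.
            return self._settings_from_conf()

    @staticmethod
    def _settings_from_conf():
        """Read the same two keys straight from the app's local settings file.

        Returns ``{}`` when the file or the stanza does not exist, or when the
        file cannot be read or parsed.
        """
        conf_path = os.path.join(
            os.environ.get('SPLUNK_HOME', '/opt/splunk'),
            'etc', 'apps', 'TA-socradar-incidents', 'local',
            'ta_socradar_incidents_settings.conf',
        )
        # interpolation=None: an API key containing '%' must not be treated as
        # a ConfigParser interpolation sequence (which would raise on .get()).
        config = configparser.ConfigParser(interpolation=None)
        try:
            # ConfigParser.read() silently skips files it cannot open, so a
            # missing file simply leaves the parser empty.
            config.read(conf_path)
        except (OSError, configparser.Error):
            return {}
        if 'additional_parameters' not in config:
            return {}
        section = config['additional_parameters']
        return {
            'company_id': section.get('socradar_company_id'),
            'api_key': section.get('socradar_company_api_key'),
        }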