#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
FROM ubuntu:20.04

ARG APT_PROXY
RUN if [ ! -z $APT_PROXY ] ; then \
    echo "Acquire::http::Proxy \"$APT_PROXY\";" > /etc/apt/apt.conf.d/proxy.conf ;\
    echo "Acquire::https::Proxy \"$APT_PROXY\";" >> /etc/apt/apt.conf.d/proxy.conf ;\
    fi

EXPOSE 5000

WORKDIR /app

COPY scripts/start.sh /app/start.sh

RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
    DEBIAN_FRONTEND=noninteractive apt-get autoremove -y && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common && \
    add-apt-repository -y cloud-archive:victoria && \
    DEBIAN_FRONTEND=noninteractive apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
    apache2=2.4.* \
    keystone=2:18.1.* \
    libapache2-mod-wsgi-py3=4.6.* \
    python3-pip=20.0.* \
    build-essential=12.8* \
    python3-dev=3.8.* \
    libldap2-dev=2.4.* \
    libsasl2-dev=2.1.* \
    libssl-dev=1.1.* \
    libffi-dev=3.3* \
    libxml2-dev=2.9.* \
    libxslt1-dev=1.1.* \
    zlib1g-dev=1:1.2.* \
    ldap-utils=2.4.* \
    curl=7.68.* \
    net-tools=1.60* \
    mysql-client=8.0.* \
    dnsutils=1:9.16.* && \
    rm -rf /var/lib/apt/lists/* && \
    chmod +x start.sh

RUN pip3 install -U pip==21.3.1 && \
    pip3 install python-ldap==3.2.0 ldappool==3.0.0 python-openstackclient==5.7.0

# Creating the user for the app
RUN groupadd -g 1000 appuser && \
    useradd -u 1000 -g 1000 -d /app appuser && \
    usermod -a -G keystone appuser && \
    usermod -a -G adm appuser && \
    chown -R appuser:appuser /app && \
    chown root:keystone /etc/keystone && \
    chmod 770 /etc/keystone && \
    chown root:keystone /etc/ssl/certs && \
    chmod 770 /etc/ssl/certs && \
    chown root:keystone /etc/apache2/apache2.conf && \
    chmod 664 /etc/apache2/apache2.conf && \
    sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf && \
    chown root:keystone /var/spool && \
    chmod 775 /var/spool && \
    chmod 770 /var/log/apache2 && \
    chmod 660 /var/log/apache2/* && \
    chmod 770 /var/log/keystone && \
    chown root:keystone /var/run/apache2 && \
    chmod 775 /var/run/apache2 && \
    mkdir -p /etc/sudoers.d && \
    echo "%appuser ALL= NOPASSWD: /sbin/service apache2 *" > /etc/sudoers.d/appuser

USER appuser

# database
ENV DB_HOST                 keystone-db
ENV DB_PORT                 3306
ENV ROOT_DB_USER            root
ENV ROOT_DB_PASSWORD        admin
ENV KEYSTONE_DB_PASSWORD    admin
# keystone
ENV REGION_ID               RegionOne
ENV KEYSTONE_HOST           keystone
# admin user
ENV ADMIN_USERNAME          admin
ENV ADMIN_PASSWORD          admin
ENV ADMIN_PROJECT           admin
# nbi service user
ENV SERVICE_USERNAME        nbi
ENV SERVICE_PASSWORD        nbi
ENV SERVICE_PROJECT         service
# ldap
# ENV LDAP_AUTHENTICATION_DOMAIN_NAME     no default
# ENV LDAP_URL                            ldap://localhost
# ENV LDAP_BIND_USER                      no default
# ENV LDAP_BIND_PASSWORD                  no default
# ENV LDAP_CHASE_REFERRALS                no default
# ENV LDAP_PAGE_SIZE                      0
# ENV LDAP_USER_TREE_DN                   no default
# ENV LDAP_USER_OBJECTCLASS               inetOrgPerson
# ENV LDAP_USER_ID_ATTRIBUTE              cn
# ENV LDAP_USER_NAME_ATTRIBUTE            sn
# ENV LDAP_USER_PASS_ATTRIBUTE            userPassword
# ENV LDAP_USER_FILTER                    no default
# ENV LDAP_USER_ENABLED_ATTRIBUTE         enabled
# ENV LDAP_USER_ENABLED_MASK              0
# ENV LDAP_USER_ENABLED_DEFAULT           true
# ENV LDAP_USER_ENABLED_INVERT            false
# ENV LDAP_GROUP_OBJECTCLASS              groupOfNames
# ENV LDAP_GROUP_TREE_DN                  no default
# ENV LDAP_USE_STARTTLS                   false
# ENV LDAP_TLS_CACERT_BASE64              no default
# ENV LDAP_TLS_REQ_CERT                   demand

ENTRYPOINT ["./start.sh"]
