#!/bin/bash
# SYSENG-28030 - sssd monitoring

CHECK_NAME="sssd_service_check"
SSSD_CONF="/etc/sssd/sssd.conf"
SERVICE="sssd"

function check_service_status() {
  local service="$1"
  systemctl --quiet is-active "${service}" && IS_ACTIVE=true || IS_ACTIVE=false
  systemctl --quiet is-enabled "${service}" && IS_ENABLED=true || IS_ENABLED=false
  systemctl status "${service}" -l | tail -1 |grep -q "Backend is offline" && HAS_ERRORS=true || HAS_ERRORS=false
}

# skip unmanaged / cores
if ! grep -E -q '10\.10\.10\.10|10\.10\.10\.11' /etc/salt/minion; then
  echo "sssd not managed"
  exit 0
fi

# skip mvps and solus
if grep -E -q 'role: flexdedi$|role: mvps$' /etc/salt/minion; then
  echo "sssd not managed"
  exit 0
fi

# skip ldap LBers but keep it on internal roles
if grep -E -q '^ldap-lb' /etc/hostname; then
  echo "sssd not managed"
  exit 0
fi

if [[ ! -e "${SSSD_CONF}" ]]; then
  echo "${SSSD_CONF} not found"
  exit 2
fi

if ! grep -q "ipa_domain = a2noc.net" "${SSSD_CONF}"; then
  echo "unexpected ipa_domain value in ${SSSD_CONF}"
  exit 2
fi

check_service_status "${SERVICE}"

if "${HAS_ERRORS}"; then
  echo "backend is offline"
  exit 2
fi

if "${IS_ACTIVE}" && "${IS_ENABLED}"; then
  echo "is active and enabled"
  exit 0
elif "${IS_ACTIVE}"; then
  echo "is active but not enabled"
  exit 1
elif "${IS_ENABLED}"; then
  echo "is enabled but not active"
  exit 2
else
  echo "is not enabled or active"
  exit 2
fi