#!/usr/bin/python3

import sys
from netops.ngcs import client, models, logic

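# Usage: <script> NODE_ADDRESS CERT_PREFIX
#
# Opens two things in the node's 'lhvpn' firewall zone through the NGCS API:
#   * tcp/8980 for the remote IP Access service ("nom-ipaccess-lhvpn")
#   * the predefined firewalld "gre" service
# Each rule is posted only if a matching (service, zone) rule is not already
# present, so the rule-creation steps can be re-run.
if len(sys.argv) < 3:
    # Fail with a usage line instead of an IndexError traceback.
    sys.exit("usage: {} NODE_ADDRESS CERT_PREFIX".format(sys.argv[0]))

node_address = sys.argv[1]

# Client certificate and private key used to authenticate to the API, read
# from CERT_PREFIX.crt and CERT_PREFIX.key. The .key file is a credential that
# can change this node's firewall; keep it readable by the operator only.
cert_prefix = sys.argv[2]
certs = (cert_prefix + ".crt", cert_prefix + ".key")


def _ensure_firewall_rule(api, rule, service, zone):
    """Post *rule* unless a rule for (*service*, *zone*) already exists.

    The rule list is fetched fresh on every call. Only NotFoundException is
    treated as "rule missing"; any other error from the lookup propagates.
    """
    try:
        logic.find_firewall_rule(api.get_firewall_rules(), service=service, zone=zone)
    except logic.NotFoundException:
        api.post_firewall_rule(rule)


# Remote IPAccess go service
remote_ipa_service = models.FirewallService(
    {
        "name": "nom-ipaccess-lhvpn",
        "label": "NetOps IP Access - Remote Service",
        "ports": [{"protocol": "tcp", "port": 8980}]
    }
)

# NOTE(review): whether client.Api validates the server certificate presented
# by node_address is not visible from this script; confirm in netops.ngcs.client.
api_sess = client.Api(node_address, certs)
api_sess.update_firewall_service(remote_ipa_service)

# Both rules are scoped to the 'lhvpn' zone only. The service definition above
# has already been sent by the time the zone is looked up.
# NOTE(review): presumably find_firewall_zone raises NotFoundException like
# find_firewall_rule does; confirm in netops.ngcs.logic.
try:
    lhvpn_zone = logic.find_firewall_zone(api_sess.get_firewall_zones(), name='lhvpn')
except logic.NotFoundException:
    sys.exit("firewall zone 'lhvpn' not found on {}; no rules were added".format(node_address))

# Remote IPAccess go service firewall rule
remote_ipa_rule = models.FirewallRule(
    {
        "service": remote_ipa_service.name,
        "zone": lhvpn_zone.id
    }
)

# Predefined firewalld service for GRE. GRE has no authentication or
# encryption of its own, so this rule relies on the 'lhvpn' zone containing
# only the VPN interface; verify the zone's interfaces on the node.
remote_gre_rule = models.FirewallRule(
    {
        "service": "gre",
        "zone": lhvpn_zone.id
    }
)

# Add rule to access the remote IPAccess service
_ensure_firewall_rule(api_sess, remote_ipa_rule, remote_ipa_service.name, lhvpn_zone.id)

# Add rule for allowing GRE services on LHVPN
_ensure_firewall_rule(api_sess, remote_gre_rule, "gre", lhvpn_zone.id)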