#!/usr/bin/python3

import sys
from netops.ngcs import client, models, logic

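# Usage: <script> NODE_ADDRESS CERT_BASENAME
#
# Registers the remote ZTPoC firewall service (TCP/8000) on the node and makes
# sure a firewall rule ties that service to the 'lhvpn' zone.

# Fail early with a usage message instead of an IndexError traceback when a
# positional argument is missing. Extra arguments are ignored, as before.
if len(sys.argv) < 3:
    sys.exit("usage: " + sys.argv[0] + " NODE_ADDRESS CERT_BASENAME")

node_address = sys.argv[1]

# CERT_BASENAME is a path prefix: "<prefix>.crt" and "<prefix>.key" are handed
# to client.Api below.
# NOTE(review): presumably a client certificate and its private key used to
# authenticate to the node API - confirm against client.Api. The .key file
# should be readable only by the operator running this script.
certs = (sys.argv[2] + ".crt", sys.argv[2] + ".key")

# Remote ZTPoC service: a single TCP port, 8000.
remote_ztpoc_service = models.FirewallService(
    {
        "name": "nom-ztpoc-lhvpn",
        "label": "NetOps ZTPoC - Remote Service",
        "ports": [{"protocol": "tcp", "port": 8000}]
    }
)

api_sess = client.Api(node_address, certs)

# Push the service definition to the node before looking up the zone.
# NOTE(review): if the zone lookup below fails, the service definition has
# already been sent - confirm how find_firewall_zone reports a missing zone.
api_sess.update_firewall_service(remote_ztpoc_service)
lhvpn_zone = logic.find_firewall_zone(api_sess.get_firewall_zones(), name='lhvpn')

# Firewall rule binding the remote ZTPoC service to the 'lhvpn' zone only.
# NOTE(review): presumably this permits TCP/8000 from that zone and no other;
# verify the resulting rule set on the node after the first run.
remote_ztpoc_rule = models.FirewallRule(
    {
        "service": remote_ztpoc_service.name,
        "zone": lhvpn_zone.id
    }
)

# Add the rule that gives access to the remote ZTPoC service, but only when no
# rule for this service/zone pair exists yet, so re-running the script does not
# post a duplicate rule.
try:
    logic.find_firewall_rule(
        api_sess.get_firewall_rules(),
        service=remote_ztpoc_service.name,
        zone=lhvpn_zone.id,
    )
except logic.NotFoundException:
    api_sess.post_firewall_rule(remote_ztpoc_rule)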
