#!/usr/bin/perl

use strict;
use warnings;
use perunServicesInit;
use perunServicesUtils;
use File::Basename;

local $::SERVICE_NAME = basename($0);
local $::PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.0";

perunServicesInit::init;
my $data = perunServicesInit::getHashedHierarchicalData;
my $DIRECTORY = perunServicesInit::getDirectory;


our $A_PRINCIPALS;                    *A_PRINCIPALS =                       \'urn:perun:user:attribute-def:def:kerberosLogins';
our $A_MEMBER_STATUS;                 *A_MEMBER_STATUS =                      \'urn:perun:member:attribute-def:core:status';

my $service_file_name = "$DIRECTORY/$::SERVICE_NAME";

my %userPrincipals;
foreach my $resourceId ($data->getResourceIds()) {
	foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {
		next if $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS ) ne 'VALID';
		for my $principal (@{$data->getUserAttributeValue( member => $memberId, attrName => $A_PRINCIPALS )}) {
			$userPrincipals{$principal} = 1;
		}
	}
}

####### output file ######################
open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n";

print SERVICE_FILE "target_clients =\n";
print SERVICE_FILE join("\n", sort keys %userPrincipals), "\n";
print SERVICE_FILE ";\n";

close(SERVICE_FILE);

perunServicesInit::finalize;
