summaryrefslogtreecommitdiffstats
path: root/provisioning-model.lua
blob: 3618194c38210ce2270360516bb634567888f640 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
module (..., package.seeall)

-- Load libraries
require("modelfunctions")
require("posix")
require("fs")
require("format")
require("validator")
require("luasql.postgres")
require("session")

-- Set variables
local DatabaseName = "provisioning"
local DatabaseUser = "postgres"
local DatabasePassword

local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
local baseurl = "/etc/provisioning/templates/"
local updatedevicescriptfile = "/etc/provisioning/update_device.lua"
local updatedeviceparamsscriptfile = "/etc/provisioning/update_device_params.lua"
local env
local con

local saved_devices = {}
local saved_device_params = {}

-- if a table_creation_script does not create the named table or throw an exception then you will get an infinite loop, so be careful
local table_creation_scripts = {
	-- List of all available templates
	provisioning_templates = {
		"CREATE TABLE provisioning_templates (template_id SERIAL PRIMARY KEY, filename VARCHAR(255) UNIQUE, label VARCHAR(255) UNIQUE)",
	},
	-- List of each device that we manage
	provisioning_devices = {
		"CREATE TABLE provisioning_devices (device_id SERIAL PRIMARY KEY, name VARCHAR(255) UNIQUE, label VARCHAR(255), template_id INTEGER REFERENCES provisioning_templates)",
		"CREATE INDEX devices_name_idx ON provisioning_devices (name)",
		"CREATE INDEX devices_template_idx ON provisioning_devices (template_id)",
	},
	-- Multi-to-multi mapping of devices to classes
	devices_to_classes = {
		"CREATE TABLE devices_to_classes (device_id INTEGER REFERENCES provisioning_devices, class_id INTEGER REFERENCES provisioning_classes)",
		"CREATE INDEX d2c_device_idx ON devices_to_classes (device_id)",
		"CREATE INDEX d2c_class_idx ON devices_to_classes (class_id)",
		-- Need to enforce that devices do not contain more than one class with same name (using triggers)
		-- Theoretically should also check on updates and updates of classes, but not going to bother
		"CREATE OR REPLACE FUNCTION check_class_names() RETURNS TRIGGER AS $$ \
			BEGIN \
				PERFORM * from provisioning_classes join devices_to_classes using(class_id) where device_id=NEW.device_id and name=(select name from provisioning_classes where class_id=NEW.class_id); \
				IF FOUND THEN \
					RAISE EXCEPTION 'Device cannot have multiple classes with the same name'; \
				END IF; \
				RETURN NEW; \
			END; \
		$$ LANGUAGE plpgsql",
		"CREATE TRIGGER check_class_trigger BEFORE INSERT ON devices_to_classes FOR EACH ROW EXECUTE PROCEDURE check_class_names()",
	},
	-- List of different device classes
	provisioning_classes = {
		"CREATE TABLE provisioning_classes (class_id SERIAL PRIMARY KEY, name VARCHAR(255), label VARCHAR(255))",
		"CREATE INDEX classes_name_idx ON provisioning_classes (name)",
		"CREATE INDEX classes_label_idx ON provisioning_classes (label)",
		-- Need to enforce that name/label combo is unique
		"CREATE UNIQUE INDEX classes_name_label_idx ON provisioning_classes (name, label)",
	},
	-- Multi-to-multi mapping of classes to parameter groups
	classes_to_param_groups = {
		"CREATE TABLE classes_to_param_groups (class_id INTEGER REFERENCES provisioning_classes, group_id INTEGER REFERENCES provisioning_groups)",
		"CREATE INDEX c2g_class_idx ON classes_to_param_groups (class_id)",
		"CREATE INDEX c2g_group_idx ON classes_to_param_groups (group_id)",
		-- Need to enforce that classes do not contain more than one parameter group with same name (using triggers)
		-- Theoretically should also check on updates and updates of groups, but not going to bother
		"CREATE OR REPLACE FUNCTION check_group_names() RETURNS TRIGGER AS $$ \
		        BEGIN \
				PERFORM * from provisioning_groups join classes_to_param_groups using(group_id) where class_id=NEW.class_id and name=(select name from provisioning_groups where group_id=NEW.group_id); \
				IF FOUND THEN \
					RAISE EXCEPTION 'Classes cannot have multiple parameter groups with the same name'; \
				END IF; \
				RETURN NEW; \
			END; \
		$$ LANGUAGE plpgsql",
		"CREATE TRIGGER check_group_trigger BEFORE INSERT ON classes_to_param_groups FOR EACH ROW EXECUTE PROCEDURE check_group_names()",
	},
	-- List of different parameter groups
	provisioning_groups = {
		"CREATE TABLE provisioning_groups (group_id SERIAL PRIMARY KEY, name VARCHAR(255), label VARCHAR(255) UNIQUE, seq INTEGER)",
		"CREATE INDEX groups_name_idx ON provisioning_groups (name)",
	},
	-- Multi-to-multi mapping of parameter groups to parameters
	param_groups_to_params = {
		"CREATE TABLE param_groups_to_params (group_id INTEGER REFERENCES provisioning_groups, param_id INTEGER REFERENCES provisioning_params, value VARCHAR(255), editable BOOLEAN)",
		"CREATE INDEX g2p_group_idx ON param_groups_to_params (group_id)",
		"CREATE INDEX g2p_param_idx ON param_groups_to_params (param_id)",
		"CREATE INDEX g2p_editable_idx ON param_groups_to_params (editable)",
		"CREATE UNIQUE INDEX g2p_group_param_idx ON param_groups_to_params (group_id, param_id)",
	},
	-- List of each parameter used in any way for any device - mostly for how to display
	provisioning_params = {
		"CREATE TABLE provisioning_params (param_id SERIAL PRIMARY KEY, name VARCHAR(255) UNIQUE, type VARCHAR(255), label VARCHAR(255), descr VARCHAR(255), value VARCHAR(255), seq INTEGER, regexp VARCHAR(255))",
		"CREATE INDEX params_name_idx ON provisioning_params (name)",
	},
	-- All of the (non-default) parameter values for all devices are stored here
	provisioning_values = {
		-- device_id is a device id from provisioning_devices and param_id is a param id from provisioning_params
		"CREATE TABLE provisioning_values (device_id INTEGER REFERENCES provisioning_devices, group_name VARCHAR(255), param_id INTEGER REFERENCES provisioning_params, value VARCHAR(255))",
		"CREATE INDEX values_device_idx ON provisioning_values (device_id)",
		"CREATE INDEX values_group_idx ON provisioning_values (group_name)",
		"CREATE INDEX values_param_idx ON provisioning_values (param_id)",
		"CREATE UNIQUE INDEX values_device_group_param_idx ON provisioning_values (device_id, group_name, param_id)",
		-- Need to enforce that group_name is a valid name in provisioning_groups (cannot use foreign key because name is not unique in provisioning_groups)
		-- Better yet, we'll check for a valid combination of device, group, and param (using triggers)
		-- Theoretically should also check on updates and updates of devices, groups, or parameters, but not going to bother
		"CREATE OR REPLACE FUNCTION check_valid_param() RETURNS TRIGGER AS $$ \
		        BEGIN \
				PERFORM * from devices_to_classes d join provisioning_classes using(class_id) join classes_to_param_groups using(class_id) join provisioning_groups g using(group_id) join param_groups_to_params p using(group_id) where d.device_id=NEW.device_id and g.name=NEW.group_name and p.param_id=NEW.param_id; \
				IF NOT FOUND THEN \
					RAISE EXCEPTION 'Invalid combination of device, group, and parameter'; \
				END IF; \
				RETURN NEW; \
			END; \
		$$ LANGUAGE plpgsql",
		"CREATE TRIGGER valid_param_trigger BEFORE INSERT ON provisioning_values FOR EACH ROW EXECUTE PROCEDURE check_valid_param()",
	},
	-- List of options for parameters
	provisioning_options = {
		"CREATE TABLE provisioning_options (param_id INTEGER REFERENCES provisioning_params, label VARCHAR(255), value VARCHAR(255), seq INTEGER)",
		"CREATE INDEX options_param_idx ON provisioning_options (param_id)",
		"CREATE UNIQUE INDEX options_param_label_idx ON provisioning_options (param_id, label)",
	},
}

-- ################################################################################
-- LOCAL FUNCTIONS
local function escape_quotes(str)
	return string.gsub(str or "", "'", "'\\''")
end

local function assert (v, m)
	if not v then
		m = m or "Assertion failed!"
		error(m, 0)
	end
	return v, m
end

-- Escape special characters in sql statements
local escape = function(sql)
	sql = sql or ""
	sql = string.gsub(sql, "'", "''")
	return string.gsub(sql, "\\", "\\\\")
end

local createdatabase = function()
        local result = {}

	-- First, create the user
	if DatabaseUser ~= "postgres" then
		local cmd = path..'psql -U postgres -c "CREATE USER '..DatabaseUser..''
		if DatabasePassword then
			cmd = cmd .. ' WITH PASSWORD \''..DatabasePassword..'\''
		end
		cmd = cmd .. '" 2>&1'
		local f = io.popen(cmd)
		table.insert(result, f:read("*a"))
		f:close()
	end
	
	-- Create the database
	local cmd = path..'psql -U postgres -c "CREATE DATABASE '..DatabaseName..' WITH OWNER '..DatabaseUser..'" 2>&1'
	local f = io.popen(cmd)
	table.insert(result, f:read("*a"))
	f:close()

	cmd = path..'createlang -U postgres plpgsql '..DatabaseName
	f = io.popen(cmd)
	table.insert(result, f:read("*a"))
	f:close()

	logevent(table.concat(result, "\n"))

	return table.concat(result, "\n")
end
	
-- Delete the database and roles
local deletedatabase = function()
	local result = {}
	
	local cmd = path..'psql -U postgres -c "DROP DATABASE '..DatabaseName..'" 2>&1'
	local f = io.popen(cmd)
	table.insert(result, f:read("*a"))
	f:close()

	if DatabaseUser ~= "postgres" then
		cmd = path..'psql -U postgres -c "DROP ROLE '..DatabaseUser..'" 2>&1'
		f = io.popen(cmd)
		table.insert(result, f:read("*a"))
		f:close()
	end

	logevent(table.concat(result, "\n"))

	return table.concat(result, "\n")
end

local databaseconnect = function()
	if not con then
		-- create environment object
		env = assert (luasql.postgres())
		-- connect to data source
		local err
		con, err = env:connect(DatabaseName, DatabaseUser, DatabasePassword)
		if err and string.match(err, "Error connecting to database.") then
			createdatabase()
			con, err = env:connect(DatabaseName, DatabaseUser, DatabasePassword)
		end
		assert(con, err)
		return true
	end
	return false
end

local databasedisconnect = function()
	if env then
		env:close()
		env = nil
	end
	if con then
		con:close()
		con = nil
	end
end

-- Declare runsqlcommand first because it's recursive
-- we also have recursion when runsqlcommand calls runscript, so we have to be careful in creating table_creation_scripts
local runsqlcommand

local runscript = function(script, in_transaction)
	for i,scr in ipairs(script) do
		runsqlcommand(scr, in_transaction)
	end
end

runsqlcommand = function(sql, in_transaction)
logevent(sql)
	if in_transaction then assert(con:execute("SAVEPOINT before_command")) end
        local res, err = con:execute(sql)
	if not res and err then
		-- Catch the error to see if it's caused by lack of table
logevent(err)
		local table = string.match(err, "relation \"(%S+)\" does not exist")
		if table and table_creation_scripts[table] then
			if in_transaction then assert(con:execute("ROLLBACK TO before_command")) end
			runscript(table_creation_scripts[table])
			runsqlcommand(sql)
		else
			assert(res, err)
		end
	else
		if in_transaction then assert(con:execute("RELEASE SAVEPOINT before_command")) end
	end
end

local getselectresponse
getselectresponse = function(sql, in_transaction)
	local retval = {}
	if in_transaction then assert(con:execute("SAVEPOINT before_select")) end
        local res, err = pcall(function()
logevent(sql)
		local cur = assert (con:execute(sql))
		local row = cur:fetch ({}, "a")
		while row do
			local tmp = {}
			for name,val in pairs(row) do
				tmp[name] = val
			end
			retval[#retval + 1] = tmp
			row = cur:fetch (row, "a")
		end
		cur:close()
	end)
	if not res and err then
logevent(err)
		-- Catch the error to see if it's caused by lack of table
		local table = string.match(err, "relation \"(%S+)\" does not exist")
		if table and table_creation_scripts[table] then
			if in_transaction then assert(con:execute("ROLLBACK TO before_select")) end
			runscript(table_creation_scripts[table])
			return getselectresponse(sql)
		else
			assert(res, err)
		end
	else
		if in_transaction then assert(con:execute("RELEASE SAVEPOINT before_select")) end
	end
	return retval
end

local validateparam
validateparam = function(p)
	if p.type == "group" then
		local success = true
		for n,p2 in pairs(p.value) do
			success = validateparam(p2) and success
		end
		return success
	elseif p.type == "select" then
		return modelfunctions.validateselect(p)
	elseif p.type == "text" and p.regexp and p.regexp ~= "" then
		if not string.match(p.value, p.regexp) then
			p.errtxt = "Invalid value"
			return false
		end
	end
	return true
end

local function callscript(script, value, oldvalue)
	local functions = {
		getselectresponse=getselectresponse,
		runsqlcommand=runsqlcommand,
		get_device=get_device,
		get_device_params=get_device_params,
	}
	local env = {}
	setmetatable (env, {__index = _G})
	-- loadfile loads into the global environment
	-- so we set env 0, not env 1
	setfenv (0, env)
	local f = loadfile(script)
	if (f) then f(functions, value, oldvalue) end
	setfenv (0, _G)
end

local function validatefiledetails(filedetails)
	local success = true
	
	-- Validate that contents are valid lua code
	local env = {}
	setmetatable (env, {__index = _G})
	-- loadfile loads into the global environment
	-- so we set env 0, not env 1
	setfenv (0, env)
	local f,err = loadstring(filedetails.value.filecontent.value)
	if not (f) then
		success = false
		filedetails.value.filecontent.errtxt = "Invalid Lua code\n"..(err or "")
	end
	setfenv (0, _G)
	-- setmetatable (self.conf.app_hooks, {})

	return success, filedetails
end

local duplicatestructure
duplicatestructure = function(value, saved)
	saved = saved or {}
	if type(value) == "table" then
		if saved[value] then
			return saved[value]
		else
			local output = {}
			saved[value] = output
			for k,v in pairs(value) do
				output[k] = duplicatestructure(v, saved)
			end
			return output
		end
	else
		return value
	end
end

-- ################################################################################
-- PUBLIC FUNCTIONS

list_templates = function()
	local retval = {}
	local errtxt
	-- Get the templates from the DB
        local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_templates ORDER BY label ASC, filename ASC"
		retval = getselectresponse(sql)
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end
	local reversed = {}
	for i,t in ipairs(retval) do
		reversed[t.filename] = i
	end
	-- Get the file stats for each template and add in any template files that aren't in the DB
	fs.create_directory(baseurl)
	for f in posix.files(baseurl) do
		local file = baseurl..f
                local details = fs.stat(file)
		if details.type == "regular" then
			if not reversed[file] then
				retval[#retval+1] = {filename=file}
				reversed[file] = #retval
			end
			local t = retval[reversed[file]]
			t.filesize = details.size
			t.mtime = details.mtime
		end
	end

	return cfe({ type="structure", value=retval, label="List of Templates", errtxt=errtxt })
end

get_template = function(template_id, filename)
	local retval = {}
	if filename and not string.match(filename, "/") then
		filename = baseurl .. filename
	end
	retval.template_id = cfe({value=template_id or "", label="Template ID"})
	retval.filename = cfe({value=filename or "", label="File Name", descr="Must be in "..baseurl})
	retval.label = cfe({label="Template Label"})
	local errtxt
	if template_id and template_id ~= "" then
	        local res, err = pcall(function()
			local connected = databaseconnect()
			local sql = "SELECT * FROM provisioning_templates WHERE template_id='"..escape(template_id).."' ORDER BY label ASC, filename ASC"
			local tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				for n,v in pairs(tmp[1]) do
					if retval[n] then
						retval[n].value = v
					end
				end
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			errtxt = err
		end
	end
	local filedetails = modelfunctions.getfiledetails(retval.filename.value, function(filename) return validator.is_valid_filename(filename, baseurl) end)
	for i,n in ipairs({"filecontent", "filesize", "mtime"}) do
		retval[n] = filedetails.value[n]
	end

	return cfe({ type="group", value=retval, label="Provisioning Template", errtxt=errtxt })
end

create_template = function(template)
	return update_template(template, true)
end

update_template = function(template, create)
	local success = true
	local errtxt
	-- Validate the settings
	if template.value.filename and not string.match(template.value.filename.value, "/") then
		template.value.filename.value = baseurl .. template.value.filename.value
	end
	if not validator.is_valid_filename(template.value.filename.value, baseurl) then
		success = false
		template.value.filename.errtxt = "Invalid filename"
	end
	if template.value.label.value == "" then
		success = false
		template.value.label.errtxt = "Cannot be blank"
	end
	if success then
        	local res, err = pcall(function()
			local connected = databaseconnect()
			if not create then
				local sql = "SELECT * FROM provisioning_templates WHERE template_id='"..escape(template.value.template_id.value).."'"
				local tmp = getselectresponse(sql)
				if not tmp or #tmp == 0 then
					success = false
					errtxt = "Template does not exist"
				end
			end
			if success then
				if create then
					sql = "INSERT INTO provisioning_templates VALUES(DEFAULT, '"..escape(template.value.filename.value).."', '"..escape(template.value.label.value).."')"
				else
					sql = "UPDATE provisioning_templates SET (filename, label) = ('"..escape(template.value.filename.value).."', '"..escape(template.value.label.value).."') WHERE template_id='"..escape(template.value.template_id.value).."'"
				end
				runsqlcommand(sql)

				fs.write_file(template.value.filename.value, string.gsub(format.dostounix(template.value.filecontent.value), "\n+$", ""))
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			success = false
			errtxt = err
		end
	end
	if not success then
		if create then
			template.errtxt = errtxt or "Failed to create template"
		else
			template.errtxt = errtxt or "Failed to save template"
		end
	end
	return template
end

delete_template = function(template_id)
	local result = ""
	local errtxt
       	local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_templates WHERE template_id='"..escape(template_id).."'"
		local tmp = getselectresponse(sql)
		if #tmp == 0 then
			errtxt = "Template does not exist"
		else
			-- Remove the template
			sql = "DELETE FROM provisioning_templates WHERE template_id='"..escape(template_id).."'"
			runsqlcommand(sql)
			-- Delete the template file
			os.remove(tmp[1].filename)
			result = "Template Deleted"
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ value=result, errtxt=errtxt, label="Delete Template Result" })
end

list_classes = function()
	local retval = {}
	local errtxt
	-- Get the classes from the DB
        local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_classes ORDER BY name ASC, label ASC"
		retval = getselectresponse(sql)
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="structure", value=retval, label="List of Classes", errtxt=errtxt })
end

get_class = function(class_id)
	local retval = {}
	retval.class_id = cfe({value=class_id or "", label="Class ID", seq=1})
	retval.name = cfe({label="Name", seq=2})
	retval.label = cfe({label="Label", seq=3})
	retval.groups = cfe({type="group", value={}, label="Parameter Groups", seq=4})
	local errtxt
	local res, err = pcall(function()
		local groups = {}
		local connected = databaseconnect()
		if class_id and class_id ~= "" then
			local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..escape(class_id).."'"
			local tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				for n,v in pairs(tmp[1]) do
					if retval[n] then
						retval[n].value = v
					end
				end
			end
			-- Now, get the class-to-paramgroup mappings
			sql = "SELECT group_id FROM classes_to_param_groups WHERE class_id="..escape(class_id)
			tmp = getselectresponse(sql)
			for i,g in ipairs(tmp) do
				groups[g.group_id] = true
			end
		end
		-- Finally, get the paramgroup options
		sql = "SELECT group_id, name, label FROM provisioning_groups ORDER BY seq ASC, name ASC"
		tmp = getselectresponse(sql)
		for i,g in ipairs(tmp) do
			if not retval.groups.value[g.name] then
				retval.groups.value[g.name] = cfe({type="select", label=g.name, option={{value="", label=""}}, seq=i})
			end
			local group = retval.groups.value[g.name]
			group.option[#group.option + 1] = {value=g.group_id, label=g.label}
			if groups[g.group_id] then
				group.value = g.group_id
			end
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="group", value=retval, label="Provisioning Class", errtxt=errtxt })
end

create_class = function(class)
	return update_class(class, true)
end

update_class = function(class, create)
	local success = true
	local errtxt
	-- Validate the settings
	if class.value.name.value == "" then
		success = false
		class.value.name.errtxt = "Cannot be blank"
	end
	if class.value.label.value == "" then
		success = false
		class.value.label.errtxt = "Cannot be blank"
	end
	for n,g in pairs(class.value.groups.value) do
		success = modelfunctions.validateselect(g) and success
	end
	if success then
        	local res, err = pcall(function()
			local connected = databaseconnect()
			if not create then
				local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..escape(class.value.class_id.value).."'"
				local tmp = getselectresponse(sql)
				if not tmp or #tmp == 0 then
					success = false
					errtxt = "Class does not exist"
				end
			end
			if success then
				local sql = "BEGIN TRANSACTION"
				runsqlcommand(sql)
				if create then
					sql = "INSERT INTO provisioning_classes VALUES(DEFAULT, '"..escape(class.value.name.value).."', '"..escape(class.value.label.value).."')"
					runsqlcommand(sql, true)
					sql = "SELECT class_id FROM provisioning_classes WHERE name='"..escape(class.value.name.value).."' AND label='"..escape(class.value.label.value).."'"
					local tmp = getselectresponse(sql, true)
					if tmp and #tmp>0 then
						class.value.class_id.value = tmp[1].class_id
					end
				else
					sql = "UPDATE provisioning_classes SET (name, label) = ('"..escape(class.value.name.value).."', '"..escape(class.value.label.value).."') WHERE class_id='"..escape(class.value.class_id.value).."'"
					runsqlcommand(sql, true)
					sql = "DELETE FROM classes_to_param_groups WHERE class_id='"..escape(class.value.class_id.value).."'"
					runsqlcommand(sql, true)
				end
				-- Insert the class to group entries
				for n,g in pairs(class.value.groups.value) do
					if g.value ~= "" then
						sql = "INSERT INTO classes_to_param_groups VALUES('"..escape(class.value.class_id.value).."', '"..escape(g.value).."')"
						runsqlcommand(sql, true)
					end
				end

				sql = "COMMIT"
				runsqlcommand(sql)
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			pcall(function() con:execute("ROLLBACK") end)
			success = false
			errtxt = err
		end
	end
	if not success then
		if create then
			class.errtxt = errtxt or "Failed to create class"
		else
			class.errtxt = errtxt or "Failed to save class"
		end
	end
	return class
end

delete_class = function(class_id)
	local result = ""
	local errtxt
       	local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..escape(class_id).."'"
		local tmp = getselectresponse(sql)
		if #tmp == 0 then
			errtxt = "Class does not exist"
		else
			sql = "BEGIN TRANSACTION"
			runsqlcommand(sql)
			sql = "DELETE FROM provisioning_classes WHERE class_id='"..escape(class_id).."'"
			runsqlcommand(sql, true)
			sql = "DELETE FROM classes_to_param_groups WHERE class_id='"..escape(class_id).."'"
			runsqlcommand(sql, true)
			result = "Class Deleted"
			sql = "COMMIT"
			runsqlcommand(sql)
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		pcall(function() con:execute("ROLLBACK") end)
		errtxt = err
	end

	return cfe({ value=result, errtxt=errtxt, label="Delete Class Result" })
end

list_groups = function()
	local retval = {}
	local errtxt
	-- Get the groups from the DB
        local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_groups ORDER BY seq ASC, name ASC, label ASC"
		retval = getselectresponse(sql)
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="structure", value=retval, label="List of Parameter Groups", errtxt=errtxt })
end

get_group = function(group_id)
	local retval = {}
	retval.group_id = cfe({value=group_id or "", label="Group ID", seq=1})
	retval.name = cfe({label="Name", seq=2})
	retval.label = cfe({label="Label", seq=3})
	retval.seq = cfe({label="Sequence", seq=4})
	retval.params = cfe({type="multi", value={}, label="Parameters", option={}, descr="Each selected parameter will be included in the group", seq=5})
	retval.editable = cfe({type="multi", value={}, label="Editable Parameters", option={}, descr="Each selected parameter will be user editable", seq=6})
	retval.defaults = cfe({type="group", value={}, label="Parameter Defaults", seq=7})
	local errtxt
	local res, err = pcall(function()
		local connected = databaseconnect()
		-- First, let's get all the parameters to set up the params.options and defaults
		local sql = "SELECT * FROM provisioning_params ORDER BY seq ASC, name ASC"
		local tmp = getselectresponse(sql)
		for i,p in ipairs(tmp) do
			retval.params.option[#retval.params.option + 1] = {value=p.param_id, label=p.label}
			retval.editable.option[#retval.editable.option + 1] = {value=p.param_id, label=p.label}
			p.seq = i
			if p.type == "select" then
				sql = "SELECT * FROM provisioning_options WHERE param_id='"..escape(p.param_id).."' ORDER BY seq ASC"
				p.option = getselectresponse(sql) or {}
			end
			if p.type == "boolean" then
				p.value = (p.value == "true")
			end
			retval.defaults.value[p.param_id] = p
		end
		if group_id and group_id ~= "" then
			sql = "SELECT * FROM provisioning_groups WHERE group_id='"..escape(group_id).."'"
			tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				for n,v in pairs(tmp[1]) do
					if retval[n] then
						retval[n].value = v
					end
				end
			end
			-- Now, get the paramgroup-to-param mappings
			sql = "SELECT * FROM param_groups_to_params WHERE group_id="..escape(group_id)
			tmp = getselectresponse(sql)
			for i,p in ipairs(tmp) do
				retval.params.value[#retval.params.value + 1] = p.param_id
				if (p.editable == "t") then
					retval.editable.value[#retval.editable.value + 1] = p.param_id
				end
				if retval.defaults.value[p.param_id].type == "boolean" then
					retval.defaults.value[p.param_id].value = (p.value == "true")
				else
					retval.defaults.value[p.param_id].value = p.value
				end
			end
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="group", value=retval, label="Provisioning Parameter Group", errtxt=errtxt })
end

create_group = function(group)
	return update_group(group, true)
end

update_group = function(group, create)
	local success = true
	local errtxt
	-- Validate the settings
	success = modelfunctions.validatemulti(group.value.params)
	if group.value.name.value == "" then
		success = false
		group.value.name.errtxt = "Cannot be blank"
	-- Group name cannot be device_id, name, or label or will mess up get_device_params
	elseif group.value.name.value == "device_id" or group.value.name.value == "name" or  group.value.name.value == "label" then 
		success = false
		group.value.name.errtxt = "Illegal name"
	end
	if group.value.label.value == "" then
		success = false
		group.value.label.errtxt = "Cannot be blank"
	end
	if not validator.is_integer(group.value.seq.value) then
		success = false
		group.value.seq.errtxt = "Must be an integer"
	end
	-- Validate the param defaults
	success = validateparam(group.value.defaults) and success
	if success then
        	local res, err = pcall(function()
			local connected = databaseconnect()
			if not create then
				local sql = "SELECT * FROM provisioning_groups WHERE group_id='"..escape(group.value.group_id.value).."'"
				local tmp = getselectresponse(sql)
				if not tmp or #tmp == 0 then
					success = false
					errtxt = "Group does not exist"
				end
			end
			if success then
				local sql = "BEGIN TRANSACTION"
				runsqlcommand(sql)
				if create then
					sql = "INSERT INTO provisioning_groups VALUES(DEFAULT, '"..escape(group.value.name.value).."', '"..escape(group.value.label.value).."', '"..escape(group.value.seq.value).."')"
					runsqlcommand(sql, true)
					sql = "SELECT group_id FROM provisioning_groups WHERE name='"..escape(group.value.name.value).."' AND label='"..escape(group.value.label.value).."'"
					local tmp = getselectresponse(sql, true)
					if tmp and #tmp>0 then
						group.value.group_id.value = tmp[1].group_id
					end
				else
					sql = "UPDATE provisioning_groups SET (name, label, seq) = ('"..escape(group.value.name.value).."', '"..escape(group.value.label.value).."', '"..escape(group.value.seq.value).."') WHERE group_id='"..escape(group.value.group_id.value).."'"
					runsqlcommand(sql, true)
					sql = "DELETE FROM param_groups_to_params WHERE group_id='"..escape(group.value.group_id.value).."'"
					runsqlcommand(sql, true)
				end
				-- Reverse the editable table for ease of use below
				local reverseeditable = {}
				for i,p in ipairs(group.value.editable.value) do
					reverseeditable[p] = i
				end
				-- Insert the group to param entries
				for i,p in ipairs(group.value.params.value) do
					sql = "INSERT INTO param_groups_to_params VALUES('"..escape(group.value.group_id.value).."', '"..escape(p).."', '"..escape(tostring(group.value.defaults.value[p].value)).."', '"..tostring(reverseeditable[p] ~= nil).."')"
					runsqlcommand(sql, true)
				end

				sql = "COMMIT"
				runsqlcommand(sql)
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			pcall(function() con:execute("ROLLBACK") end)
			success = false
			errtxt = err
		end
	end
	if not success then
		if create then
			group.errtxt = errtxt or "Failed to create parameter group"
		else
			group.errtxt = errtxt or "Failed to save parameter group"
		end
	end
	return group
end

delete_group = function(group_id)
	local result = ""
	local errtxt
       	local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_groups WHERE group_id='"..escape(group_id).."'"
		local tmp = getselectresponse(sql)
		if #tmp == 0 then
			errtxt = "Group does not exist"
		else
			sql = "BEGIN TRANSACTION"
			runsqlcommand(sql)
			sql = "DELETE FROM provisioning_groups WHERE group_id='"..escape(group_id).."'"
			runsqlcommand(sql, true)
			sql = "DELETE FROM param_groups_to_params WHERE group_id='"..escape(group_id).."'"
			runsqlcommand(sql, true)
			result = "Parameter Group Deleted"
			sql = "COMMIT"
			runsqlcommand(sql)
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		pcall(function() con:execute("ROLLBACK") end)
		errtxt = err
	end

	return cfe({ value=result, errtxt=errtxt, label="Delete Parameter Group Result" })
end

list_params = function()
	local retval = {}
	local errtxt
	-- Get the params from the DB
        local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_params ORDER BY seq ASC, name ASC, label ASC"
		retval = getselectresponse(sql)
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="structure", value=retval, label="List of Parameters", errtxt=errtxt })
end

get_param = function(param_id)
	local retval = {}
	retval.param_id = cfe({value=param_id or "", label="Param ID", seq=1})
	retval.name = cfe({label="Name", seq=2})
	retval.type = cfe({type="select", label="Type", option={"text", "boolean", "select"}, seq=3})
	retval.label = cfe({label="Label", seq=4})
	retval.descr = cfe({label="Description", seq=5})
	retval.value = cfe({label="Default Value", descr="Warning, this value is not validated", seq=6})
	retval.regexp = cfe({label="Regular Expression", descr="Lua regular expression for validating the text parameter value", seq=7})
	retval.seq = cfe({label="Sequence", seq=8})
-- FIXME - we should add validation and option stuff here
	local errtxt
	local res, err = pcall(function()
		local connected = databaseconnect()
		if param_id and param_id ~= "" then
			sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param_id).."'"
			tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				for n,v in pairs(tmp[1]) do
					if retval[n] then
						retval[n].value = v
					end
				end
			end
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="group", value=retval, label="Provisioning Parameter", errtxt=errtxt })
end

create_param = function(param)
	return update_param(param, true)
end

update_param = function(param, create)
	local success = true
	local errtxt
	-- Validate the settings
	success = modelfunctions.validateselect(param.value.type)
	if param.value.name.value == "" then
		success = false
		param.value.name.errtxt = "Cannot be blank"
	end
	if param.value.label.value == "" then
		success = false
		param.value.label.errtxt = "Cannot be blank"
	end
	if not validator.is_integer(param.value.seq.value) then
		success = false
		param.value.seq.errtxt = "Must be an integer"
	end
	if success then
        	local res, err = pcall(function()
			local connected = databaseconnect()
			if not create then
				local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param.value.param_id.value).."'"
				local tmp = getselectresponse(sql)
				if not tmp or #tmp == 0 then
					success = false
					errtxt = "Param does not exist"
				end
			end
			if success then
				local sql = "BEGIN TRANSACTION"
				runsqlcommand(sql)
				if create then
					sql = "INSERT INTO provisioning_params VALUES(DEFAULT, '"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."')"
					runsqlcommand(sql, true)
					sql = "SELECT param_id FROM provisioning_params WHERE name='"..escape(param.value.name.value).."' AND label='"..escape(param.value.label.value).."'"
					local tmp = getselectresponse(sql, true)
					if tmp and #tmp>0 then
						param.value.param_id.value = tmp[1].param_id
					end
				else
					sql = "UPDATE provisioning_params SET (name, type, label, descr, value, seq, regexp) = ('"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."') WHERE param_id='"..escape(param.value.param_id.value).."'"
					runsqlcommand(sql, true)
				end

				sql = "COMMIT"
				runsqlcommand(sql)
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			pcall(function() con:execute("ROLLBACK") end)
			success = false
			errtxt = err
		end
	end
	if not success then
		if create then
			param.errtxt = errtxt or "Failed to create parameter"
		else
			param.errtxt = errtxt or "Failed to save parameter"
		end
	end
	return param
end

delete_param = function(param_id)
	local result = ""
	local errtxt
       	local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param_id).."'"
		local tmp = getselectresponse(sql)
		if #tmp == 0 then
			errtxt = "Parameter does not exist"
		else
			sql = "BEGIN TRANSACTION"
			runsqlcommand(sql)
			sql = "DELETE FROM provisioning_params WHERE param_id='"..escape(param_id).."'"
			runsqlcommand(sql, true)
			sql = "DELETE FROM provisioning_options WHERE param_id='"..escape(param_id).."'"
			runsqlcommand(sql, true)
			result = "Parameter Deleted"
			sql = "COMMIT"
			runsqlcommand(sql)
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		pcall(function() con:execute("ROLLBACK") end)
		errtxt = err
	end

	return cfe({ value=result, errtxt=errtxt, label="Delete Parameter Result" })
end

list_devices = function()
	local retval = {}
	local errtxt
	-- Get the devices from the DB
        local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_devices WHERE name IS NOT NULL ORDER BY name ASC, label ASC"
		retval = getselectresponse(sql)
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="structure", value=retval, label="List of Devices", errtxt=errtxt })
end

get_device = function(device_id)
	local retval = {}
	retval.device_id = cfe({value=device_id or "", label="Device ID", seq=1})
	retval.name = cfe({label="Name", seq=2})
	retval.label = cfe({label="Label", seq=3})
	retval.template_id = cfe({type="select", label="Template", option={}, seq=4})
	retval.classes = cfe({type="group", value={}, label="Classes", seq=5})
	local errtxt
	local res, err = pcall(function()
		local classes={}
		local connected = databaseconnect()
		if device_id and device_id ~= "" then
			local sql = "SELECT * FROM provisioning_devices WHERE device_id='"..escape(device_id).."'"
			local tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				for n,v in pairs(tmp[1]) do
					if retval[n] then
						retval[n].value = v
					end
				end
			end
			-- Now, get the device-to-class mappings
			sql = "SELECT class_id FROM devices_to_classes WHERE device_id="..escape(device_id)
			tmp = getselectresponse(sql)
			for i,g in ipairs(tmp) do
				classes[g.class_id] = true
			end
		end
		-- Next, get the template options
		sql = "SELECT template_id, label FROM provisioning_templates ORDER BY label ASC, filename ASC"
		tmp = getselectresponse(sql)
		for i,t in ipairs(tmp) do
			retval.template_id.option[#retval.template_id.option + 1] = {value=t.template_id, label=t.label}
		end
		-- Finally, get the class options
		sql = "SELECT * FROM provisioning_classes ORDER BY name ASC, label ASC"
		tmp = getselectresponse(sql)
		for i,c in ipairs(tmp) do
			if not retval.classes.value[c.name] then
				retval.classes.value[c.name] = cfe({type="select", label=c.name, option={{value="", label=""}}, seq=i})
			end
			local class = retval.classes.value[c.name]
			class.option[#class.option + 1] = {value=c.class_id, label=c.label}
			if classes[c.class_id] then
				class.value = c.class_id
			end
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end

	-- Save the device for later use
	local output = cfe({ type="group", value=retval, label="Provisioning Device", errtxt=errtxt })
	if device_id and device_id ~= "" then saved_devices[device_id] = duplicatestructure(output) end
	return output
end

create_device = function(device)
	return update_device(device, true)
end

update_device = function(device, create)
	local success = true
	local errtxt
	-- Validate the settings
	success = modelfunctions.validateselect(device.value.template_id)
	if device.value.name.value == "" then
		success = false
		device.value.name.errtxt = "Cannot be blank"
	end
	for n,c in pairs(device.value.classes.value) do
		success = modelfunctions.validateselect(c) and success
	end
	if success then
        	local res, err = pcall(function()
			local connected = databaseconnect()
			if not create then
				local sql = "SELECT * FROM provisioning_devices WHERE device_id='"..escape(device.value.device_id.value).."'"
				local tmp = getselectresponse(sql)
				if not tmp or #tmp == 0 then
					success = false
					errtxt = "Device does not exist"
				end
			end
			if success then
				local sql = "BEGIN TRANSACTION"
				runsqlcommand(sql)
				if create then
					sql = "INSERT INTO provisioning_devices VALUES(DEFAULT, '"..escape(device.value.name.value).."', '"..escape(device.value.label.value).."', '"..escape(device.value.template_id.value).."')"
					runsqlcommand(sql, true)
					sql = "SELECT device_id FROM provisioning_devices WHERE name='"..escape(device.value.name.value).."' AND label='"..escape(device.value.label.value).."'"
					local tmp = getselectresponse(sql, true)
					if tmp and #tmp>0 then
						device.value.device_id.value = tmp[1].device_id
					end
				else
					sql = "UPDATE provisioning_devices SET (name, label, template_id) = ('"..escape(device.value.name.value).."', '"..escape(device.value.label.value).."', '"..escape(device.value.template_id.value).."') WHERE device_id='"..escape(device.value.device_id.value).."'"
					runsqlcommand(sql, true)
					sql = "DELETE FROM devices_to_classes WHERE device_id='"..escape(device.value.device_id.value).."'"
					runsqlcommand(sql, true)
				end
				-- Insert the device to class entries
				for n,c in pairs(device.value.classes.value) do
					if c.value ~= "" then
						sql = "INSERT INTO devices_to_classes VALUES('"..escape(device.value.device_id.value).."', '"..escape(c.value).."')"
						runsqlcommand(sql, true)
					end
				end

				sql = "COMMIT"
				runsqlcommand(sql)

				callscript(updatedevicescriptfile, device, saved_devices[device.value.device_id.value])
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			pcall(function() con:execute("ROLLBACK") end)
			success = false
			errtxt = err
		end
	end
	if not success then
		if create then
			device.errtxt = errtxt or "Failed to create device"
		else
			device.errtxt = errtxt or "Failed to save device"
		end
	end
	return device
end

delete_device = function(device_id)
	local result = ""
	local errtxt
       	local res, err = pcall(function()
		local connected = databaseconnect()
		local sql = "SELECT * FROM provisioning_devices WHERE device_id='"..escape(device_id).."'"
		local tmp = getselectresponse(sql)
		if #tmp == 0 then
			errtxt = "Device does not exist"
		else
			sql = "BEGIN TRANSACTION"
			runsqlcommand(sql)
			sql = "DELETE FROM provisioning_values WHERE device_id='"..escape(device_id).."'"
			runsqlcommand(sql, true)
			sql = "DELETE FROM devices_to_classes WHERE device_id='"..escape(device_id).."'"
			runsqlcommand(sql, true)
			sql = "DELETE FROM provisioning_devices WHERE device_id='"..escape(device_id).."'"
			runsqlcommand(sql, true)
			result = "Device Deleted"
			sql = "COMMIT"
			runsqlcommand(sql)
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		pcall(function() con:execute("ROLLBACK") end)
		errtxt = err
	end

	return cfe({ value=result, errtxt=errtxt, label="Delete Device Result" })
end

get_editable_device_params = function(device_id)
	return get_device_params(device_id, true)
end

get_device_params = function(device_id, editable)
	local retval = {}
	retval.device_id = cfe({value=device_id or "", label="Device ID", seq=0})
	retval.name = cfe({label="Name", seq=0})
	retval.label = cfe({label="Label", seq=0})
	local errtxt = "Cannot find device"
	if device_id and device_id ~= "" then
		local res, err = pcall(function()
			local connected = databaseconnect()
			-- First, just check to see if device_id exists
			local sql = "SELECT * FROM provisioning_devices WHERE device_id='"..escape(device_id).."'"
			local tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				errtxt = nil
				retval.name.value = tmp[1].name
				retval.label.value = tmp[1].label
				-- Next, get all of the param groups
				sql = "SELECT * FROM provisioning_groups"
				local tmp = getselectresponse(sql)
				-- Loop through the groups and put them into the result
				for i,g in ipairs(tmp) do
					retval[g.name] = g
					retval[g.name].label = g.name
					retval[g.name].type="group"
				end
				-- Then, get all of the parameters for this device
				sql = "SELECT g.name AS group, p.param_id, p.name, p.type, p.label, p.descr, p.seq, p.regexp, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS value, g2p.value AS default "..
					"FROM (devices_to_classes d2t JOIN provisioning_classes t USING(class_id) JOIN classes_to_param_groups t2g USING (class_id) JOIN provisioning_groups g USING(group_id) "..
						"JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id)) LEFT JOIN provisioning_values v ON(d2t.device_id=v.device_id AND p.param_id=v.param_id AND g.name=v.group_name ) "..
					"WHERE d2t.device_id='"..escape(device_id).."'"
				if editable then
					sql = sql.." AND g2p.editable='t'"
				end
				local tmp = getselectresponse(sql)
				-- Loop through the params to figure out options and put them into the groups
				for i,p in ipairs(tmp) do
					-- Options
					if (p.type == "select") then
						sql = "SELECT * FROM provisioning_options WHERE param_id='"..escape(p.param_id).."' ORDER BY seq ASC"
						p.option = getselectresponse(sql) or {}
					end
					-- Groups
					if not retval[p.group].value then
						retval[p.group].value = {}
					end
					local value = retval[p.group].value
					if p.type == "boolean" then
						p.value = (p.value == "true")
					end
					value[p.name] = p
				end
				-- Finally, loop through the result and remove empty groups
				for name,val in pairs(retval) do
					if not val.value then
						retval[name] = nil
					end
				end
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			errtxt = err
		end
	end

	-- Save the device for later use
	local output = cfe({ type="group", value=retval, label="Provisioning Device Parameters", errtxt=errtxt })
	if device_id and device_id ~= "" then saved_device_params[device_id] = duplicatestructure(output) end
	return output
end

set_editable_device_params = function(params)
	return set_device_params(params, true)
end

set_device_params = function(params, editable)
	-- Validate the settings
	local success = validateparam(params)
	local errtxt
	if success then
        	local res, err = pcall(function()
			local connected = databaseconnect()
			if not create then
				local sql = "SELECT * FROM provisioning_devices WHERE device_id='"..escape(params.value.device_id.value).."'"
				local tmp = getselectresponse(sql)
				if not tmp or #tmp == 0 then
					success = false
					errtxt = "Device does not exist"
				end
			end
			if success then
				local sql = "BEGIN TRANSACTION"
				runsqlcommand(sql)
				if not editable then
					-- Delete all values for this device (can't do this if only updating editable)
					sql = "DELETE FROM provisioning_values WHERE device_id='"..escape(params.value.device_id.value).."'"
					runsqlcommand(sql, true)
				end
				-- Loop through the groups and params
				for group,v in pairs(params.value) do
					if v.type == "group" then
						for name,param in pairs(v.value) do
							if editable then
								sql = "DELETE FROM provisioning_values WHERE device_id='"..escape(params.value.device_id.value).."' AND group_name='"..escape(group).."' AND param_id='"..escape(param.param_id).."'"
								runsqlcommand(sql, true)
							end
							if tostring(param.value) ~= param.default then
								sql = "INSERT INTO provisioning_values VALUES('"..escape(params.value.device_id.value).."', '"..escape(group).."', '"..escape(param.param_id).."', '"..escape(tostring(param.value)).."')"
								runsqlcommand(sql, true)
							end
						end
					end
				end

				sql = "COMMIT"
				runsqlcommand(sql)
				
				callscript(updatedeviceparamsscriptfile, params, saved_device_params[params.value.device_id.value])
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			pcall(function() con:execute("ROLLBACK") end)
			success = false
			errtxt = err
		end
	end
	if not success then
		params.errtxt = errtxt or "Failed to save device parameters"
	end
	return params
end

get_device_values_by_name = function(name)
	local retval = {}
	retval.device_id = cfe({label="Device ID", seq=1})
	retval.name = cfe({value=name or "", label="Name", seq=2})
	retval.label = cfe({label="Label", seq=3})
	retval.template = cfe({type="select", label="Template", option={}, seq=4})
	retval.values = cfe({type="structure", value={}, label="Parameter Values", option={}, seq=5})
	local errtxt
	local res, err = pcall(function()
		local connected = databaseconnect()
		if name and name ~= "" then
			local sql = "SELECT d.device_id, d.name, d.label, t.filename AS template FROM provisioning_devices d JOIN provisioning_templates t USING(template_id) WHERE name='"..escape(name).."'"
			local tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				for n,v in pairs(tmp[1]) do
					if retval[n] then
						retval[n].value = v
					end
				end
				
				-- Next, get all of the parameter values for this device
				retval.values = get_device_values(tmp[1].device_id)
				retval.values.seq = 5
			else
				errtxt = "Invalid device name"
			end
			if connected then databasedisconnect() end
		else
			errtxt = "Invalid device name"
		end
	end)
	if not res and err then
		errtxt = err
	end

	return cfe({ type="group", value=retval, label="Provisioning Device Parameter Values", errtxt=errtxt })
end

get_device_values = function(device_id)
	local retval = {}
	local errtxt
	if device_id and device_id ~= "" then
		local res, err = pcall(function()
			local connected = databaseconnect()
			local sql = "SELECT g.name AS group, p.name, p.type, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS value "..
				"FROM (devices_to_classes d2t JOIN provisioning_classes t USING(class_id) JOIN classes_to_param_groups t2g USING(class_id) JOIN provisioning_groups g USING(group_id) "..
					"JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id)) LEFT JOIN provisioning_values v ON(d2t.device_id=v.device_id AND p.param_id=v.param_id AND g.name=v.group_name ) "..
				"WHERE d2t.device_id='"..escape(device_id).."'"
			local tmp = getselectresponse(sql)
			-- Loop through the params and put them into the groups
			for i,p in ipairs(tmp) do
				if p.type == "boolean" then
					p.value = (p.value == "true")
				end
				if not retval[p.group] then
					retval[p.group] = {}
				end
				retval[p.group][p.name] = p.value
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			errtxt = err
		end
	else
		errtxt = "Invalid device id"
	end

	return cfe({type="structure", value=retval, label="Parameter Values", errtxt=errtxt})
end

search_device_values = function(parameter_id, parameter_value, comparison)
	local errtxt
	retval = {}
	retval.id = cfe({type="select", value=parameter_id or "name", label="Parameter", option={"name", "label", "template_id", "template"}, seq=1})
	retval.comparison = cfe({type="select", value=comparison or "=", label="Comparison", option={"=", "!=", "~", "!~", "~*", "!*~"}, seq=2})
	retval.value = cfe({label="Parameter Value", value=parameter_value, descr="Parameter value or SQL regular expression", seq=3})
	retval.result = cfe({type="structure", value={}, label="List of Devices", seq=4 })
        local res, err = pcall(function()
		local connected = databaseconnect()
		-- Get the group/parameter options
		local sql = "SELECT g.name AS group_name, p.name AS param_name FROM provisioning_groups g JOIN param_groups_to_params USING(group_id) JOIN provisioning_params p USING(param_id) GROUP BY g.name, p.name ORDER BY g.name ASC, p.name ASC"
		local tmp = getselectresponse(sql)
		local blankopt = {}
		local blankexists = {}
		for i,v in ipairs(tmp) do
			retval.id.option[#retval.id.option + 1] = v.group_name.."."..v.param_name
			if not blankexists[v.param_name] then
				blankopt[#blankopt+1] = "."..v.param_name
				blankexists[v.param_name] = true
			end
		end
		table.sort(blankopt)
		for i,o in ipairs(blankopt) do
			retval.id.option[#retval.id.option + 1] = o
		end
		-- Get the devices from the DB
		if parameter_id and modelfunctions.validateselect(retval.id) and modelfunctions.validateselect(retval.comparison) then
			parameter_value = parameter_value or ""
			sql = "SELECT d.device_id, d.name, d.label, d.template_id, "
			local group, param = string.match(parameter_id or "", "([^%.]*)%.(.*)")
			if not group then
				sql = sql.."'"..escape(parameter_id).."' AS param, "
				if parameter_id == "name" or parameter_id=="label" then
					sql = sql.."d."..escape(parameter_id).." AS value FROM provisioning_devices d WHERE d."..escape(parameter_id)
				elseif parameter_id=="template_id" then
					sql = sql.."d.template_id AS value FROM provisioning_devices d WHERE CAST(d.template_id AS text)"
				elseif parameter_id=="template" then
					-- Search by template label
					sql = sql.."t.label AS value FROM provisioning_devices d JOIN provisioning_templates t USING(template_id) WHERE t.label"
				end
				sql = sql..retval.comparison.value.."'"..escape(parameter_value).."'"
			else
				sql = sql.."g.name as group, p.name as param, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END as value FROM "..
					"provisioning_devices d JOIN devices_to_classes d2t USING(device_id) JOIN provisioning_classes t USING(class_id) JOIN classes_to_param_groups t2g USING(class_id) "..
					"JOIN provisioning_groups g USING(group_id) JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id) "..
					"LEFT JOIN provisioning_values v ON(d2t.device_id=v.device_id AND p.param_id=v.param_id AND g.name=v.group_name ) "
				if group and group ~= "" then
					sql = sql.."WHERE g.name='"..escape(group).."' AND"
				else
					sql = sql.."WHERE"
				end
				sql = sql.." p.name='"..escape(param).."' AND CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END"..retval.comparison.value.."'"..escape(parameter_value).."'"
			end
			sql = sql.." ORDER BY d.name ASC, d.label ASC"
			retval.result.value = getselectresponse(sql)
		end
		if connected then databasedisconnect() end
	end)
	if not res and err then
		errtxt = err
	end
	return cfe({type="group", value=retval, label="Device Search", errtxt=errtxt})
end

get_param_options = function(param_id)
	local retval = {}
	retval.param_id = cfe({value=param_id or "", label="Parameter ID", seq=0})
	retval.name = cfe({label="Name", seq=1})
	retval.label = cfe({label="Label", seq=2})
	retval.options = cfe({type="list", value={}, label="Value Options", descr="Ordered list of options where each option is made up of 'value' or 'value,label'", seq=3})
	local errtxt = "Cannot find parameter"
	if param_id and param_id ~= "" then
		local res, err = pcall(function()
			local connected = databaseconnect()
			-- First, just check to see if param_id exists
			local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param_id).."'"
			local tmp = getselectresponse(sql)
			if tmp and #tmp > 0 then
				errtxt = nil
				retval.name.value = tmp[1].name
				retval.label.value = tmp[1].label
				-- Next, get all of the param options
				sql = "SELECT * FROM provisioning_options WHERE param_id='"..escape(param_id).."' ORDER BY seq ASC"
				local tmp = getselectresponse(sql) or {}
				for i,t in ipairs(tmp) do
					retval.options.value[#retval.options.value + 1] = t.value..","..t.label
				end
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			errtxt = err
		end
	end
	return cfe({ type="group", value=retval, label="Provisioning Parameter Options", errtxt=errtxt })
end

set_param_options = function(options)
	local success = true
	local errtxt
	-- Validate the settings
--FIXME
	if success then
        	local res, err = pcall(function()
			local connected = databaseconnect()
			local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(options.value.param_id.value).."'"
			local tmp = getselectresponse(sql)
			if not tmp or #tmp == 0 then
				success = false
				errtxt = "Parameter does not exist"
			end
			if success then
				local sql = "BEGIN TRANSACTION"
				runsqlcommand(sql)
				-- Delete all options for this device
				sql = "DELETE FROM provisioning_options WHERE param_id='"..escape(options.value.param_id.value).."'"
				runsqlcommand(sql, true)
				-- Loop through the options
				for i,o in ipairs(options.value.options.value) do
					local v,l = string.match(o, "^%s*([^,]+),%s*(.*%S)%s*$")
					if v then
						v = string.match(v, "^(.*%S)%s*$")
					else
						v = string.match(o, "^%s*(.*%S)%s*$")
						l = v
					end
					sql = "INSERT INTO provisioning_options VALUES('"..escape(options.value.param_id.value).."', '"..escape(l).."', '"..escape(v).."', '"..i.."')"
					runsqlcommand(sql, true)
				end
				sql = "COMMIT"
				runsqlcommand(sql)
			end
			if connected then databasedisconnect() end
		end)
		if not res and err then
			pcall(function() con:execute("ROLLBACK") end)
			success = false
			errtxt = err
		end
	end
	if not success then
		options.errtxt = errtxt or "Failed to save options"
	end
	return options
end

function get_filedetails(filename)
	return modelfunctions.getfiledetails(filename, {updatedevicescriptfile, updatedeviceparamsscriptfile})
end

function update_filedetails(filedetails)
	return modelfunctions.setfiledetails(filedetails, {updatedevicescriptfile, updatedeviceparamsscriptfile}, validatefiledetails)
end

function list_files()
	local retval = {}
	for i,file in ipairs({updatedevicescriptfile, updatedeviceparamsscriptfile}) do
		local details = fs.stat(file) or {}
		details.filename = file
		table.insert(retval, details)
	end
	table.sort(retval, function(a,b) return a.filename < b.filename end)
	return cfe({ type="structure", value=retval, label="List of Provisioning Script files" })
end